Hacker Releases iPhone 5s Secure Enclave Decryption Keys

SHARE:

iOS users beware: A hacker has just published a decryption key for the Apple Secure Enclave, which is responsible for processing Touch ID transactions.

Hacker Releases iPhone 5s Secure Enclave Decryption Keys
A hacker has claimed to have “hacked” into iPhone’s Secure Enclave. Going by the online moniker of Xerub, the security researcher has released what he claims to be a full decryption key for the Secure Enclave Processor (SEP) for Touch ID.

Apple introduced Touch ID with its iPhone 5s, and since then the company has taken user security to the next level. Secure Enclave is a coprocessor embedded in the device that runs completely on its own with its own operating system. Keeping all things security in a separate coprocessor prevents the primary chip from accessing any sensitive data. The coprocessor has its own operating system (SEPOS), which includes a kernel, drivers, and applications.

By releasing the decryption key, Xerub has essentially started a conversation about the security of this so-called unhackable part of iPhone. “The fact that [SEP] was hidden behind a key worries me,” Xerub told TechRepublic. “Is Apple not confident enough to push SEP decrypted as they did with kernels past iOS 10?”

Apple’s Secure Enclave uses encrypted memory and a hardware random number generator to provide “all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised.”
The Secure Enclave runs an Apple-customized version of the L4 microkernel family. The Secure Enclave utilizes its own secure boot and can be updated using a personalized software update process that is separate from the application processor. On A9 or later A-series processors, the chip securely generates the UID (Unique ID). This UID is still unknown to Apple and other parts of the system.
As Apple describes it, UID is key to Secure Enclave, which is then further entangled with an ephemeral key that is generated when an iPhone boots up. Secure Enclave’s memory is authenticated with this ephemeral key. When the Touch ID is pressed, processor forwards the data to Secure Enclave without reading it. “It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave,” Apple writes.

Xerub has now claimed that the iPhone 5s decryption key “is fully grown,” and you can use img4lib to decrypt the firmware and use Xerub’s SEP firmware split tool to process. This release means that anyone with the right expertise can use the img4lib to decrypt SEPOS that powers the Secure Enclave. If this key is indeed correct, it could prove to be a major blow to iOS security since it’s responsible for processing Touch ID transactions. It should be noted, however, that this is not as much of a “hack” of Secure Enclave as it is a release of firmware that will give more people a peek into SEPOS.

“I think public scrutiny will add to the security of SEP in the long run,” Xerub said, noting that he hasn’t hacked into the Secure Enclave but his releasing of decryption key will help researchers (and attackers) to poke into the software and hopefully help Apple make it more secure.

COMMENTS

Name

AI,4,AMD,1,Android,8,Apple,2,Automobile,1,Bitcoin,2,Blogger,7,Bloging,4,Breakthrough,1,Camera,1,Computer,9,CPU,1,Cryptocurrency,1,CuttingEgde,2,CyberSecurity,5,Download,1,Editing,1,Gaming,44,Giveaway,4,Guide,1,Hacking,3,Hacking News,4,Hardware,18,How To,12,i,4,iOS & Mac,9,iPhone,8,Laptop,1,Leak,6,Malwares,1,Marketing,2,Mobile,46,News,5,Notebook,2,Programming,14,Robotics,2,Rumor,5,Science,1,Security,14,SEO,2,Social Media,5,Software,14,Tablet,1,Technology,42,Weapon,1,Web,11,Website,1,Windows,1,
ltr
item
TechFonder: Hacker Releases iPhone 5s Secure Enclave Decryption Keys
Hacker Releases iPhone 5s Secure Enclave Decryption Keys
iOS users beware: A hacker has just published a decryption key for the Apple Secure Enclave, which is responsible for processing Touch ID transactions.
https://3.bp.blogspot.com/-k1C7Yu8H8Qk/WZcQ5Ub3rxI/AAAAAAAAAGo/I1Vc4b84Eo48qy77qoCmEHZxHi-Avux8ACLcBGAs/s320/secure-enclave-1030x708.jpg
https://3.bp.blogspot.com/-k1C7Yu8H8Qk/WZcQ5Ub3rxI/AAAAAAAAAGo/I1Vc4b84Eo48qy77qoCmEHZxHi-Avux8ACLcBGAs/s72-c/secure-enclave-1030x708.jpg
TechFonder
http://www.techfonder.com/2017/08/iphone-5s-secure-enclave-hack.html
http://www.techfonder.com/
http://www.techfonder.com/
http://www.techfonder.com/2017/08/iphone-5s-secure-enclave-hack.html
true
4189235006833635040
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy