Everything You Need to Know about the Apple Secure Enclave Hack

On Wednesday, a hacker by the name “xerub” released a decryption key for Apple’s Secure Enclave Processor (SEP). This has sparked fears that iPhone encryption has been compromised. It hasn’t, but there has been—as iMore puts it—fear, uncertainty, and doubt surrounding the issue. Here is everything we know about the Secure Enclave hack, and what it means for the security of the iPhone.

Secure Enclave Processor

First, let me say loud and clear that the iPhone’s encryption is as strong as it’s ever been. This hack doesn’t necessarily mean hackers can break into your iPhone or iPad and steal your data. The Secure Enclave [PDF] is a coprocessor included in the Apple S2, A7, and later A-series chips, and was introduced in 2013 along with TouchID in the iPhone 5s.

The SEP includes encrypted memory, as well as a hardware random number generator. It’s used as part of the secure boot process, and it’s responsible for processing your fingerprint data from the TouchID sensor, as well as keeping Health data and Apple Pay financial data safe. In short, it’s a very important part of hardware security architecture for Apple’s devices.

Mockup of iPhone security architecture with the secure enclave. The secure enclave hack doesn't affect this.

xerub’s Decryption

Speaking of the iPhone 5s, that’s what xerub was working with. Code for the SEP is similar across devices, but not the same. And the cryptographic keys it generates are absolutely different across devices.

The Secure Enclave is isolated from the rest of the system. It’s like having a house where the windows are blacked out. The decryption means that now we can look through the windows, but we still can’t get in. And the decryption only works on the iPhone 5s, although it’s possible the code could be modified for other models.

Open-Source

This isn’t necessarily a bad thing. In the security world, openness is good. It sounds counterintuitive, because shouldn’t you hide your code from everyone? Maybe some code, but not code that involves security. If you have thousands of security researchers going through your code, they could potentially spot vulnerabilities and other weaknesses, and help you by telling you about them.

Additionally, if everyone can see your code, it’s not possible to hide a secret backdoor either. Researchers would see it. Now, openness also means that the bad guys can look at your code, too. And it’s possible a malicious hacker could spot a hole in the code and not tell anyone, while creating an attack for it and selling it as a zero-day exploit. But with thousands of good guys looking for these holes, it will be found and fixed.

And that is the reason why xerub publicly released the decryption key (via TechRepublic):

The fact that [the SEP] was hidden behind a key worries me. Is Apple not confident enough to push SEP decrypted as they did with kernels past iOS 10?…Obscurity helps security—I’m not denying that [but] I think public scrutiny will add to the security of SEP in the long run.

Additionally, an anonymous source at Apple told TechRepublic:

There are a lot of layers of security involved in the SEP, and access to firmware in no way provides access to data protection class information…It’s not an easy leap to say it would make getting at customer data possible.

For now, Apple hasn’t announced plans to release a patch for this. The windows to the house will remain see-through, but impenetrable. I’m sure Apple is continuously looking for ways to improve device security, and who knows? Maybe we’ll see a Secure Enclave 2.0 in the future.

2 thoughts on “Everything You Need to Know about the Apple Secure Enclave Hack

  • MacAfee says Mac malware is up 700% in last couple years,

    Percents are one thing, the number of malware is another. And how many of them are driveby and how many require the user to install.

  • MacAfee says Mac malware is up 700% in last couple years, 50% 1st quarter this year alone. Scary thing is, like Fruitfly you can have your whole system rooted through and not even know it. The takeaway is do NOT think Apple products are any more secure than any other platform because a quick check of the Malware sites will show you otherwise; and Mobile is the worst most porous of all iOS or Android – makes no difference. You are foolishly spinning as usual – giving people this “oh yeah, it’s bad but here’s the bright side” attitude instead of warning people about how porous and easily compromised Mobile and to lesser degree wired computing is today. You never hear the bullet that kills you, you know – so it’s best to be pro-active in defense daily if not weekly – that is the message you should be sending.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.