Short Bytes: The decryption key of an Apple security chip called Secure Enclave has been posted by a hacker called xerub. The chip handles all the security-related tasks on iDevices and prevents the CPU from accessing sensitive data. The decryption key gives access to the firmware image of the coprocessor on iPhone 5S.
Secure Enclave Processor (SEP) is a security chip that Apple started putting in iPhones since the release of iPhone 5S.
The security coprocessor, with its own operating system SEPOS, is separate from the main processor of the device and prevents it from accessing sensitive data directly, such as the information stored for TouchID. SEP’s work includes authenticating your TouchID fingerprints with the ones stored on the device.
The chip is in the news because a hacker named “xerub” posted a decryption key related to iPhone 5S’ SEP on the website iPhone wiki. According to The Register, while this key doesn’t allow a person to access the chip, the key can be used to decrypt the firmware on the chip and read its code to know its working.
The key can be used to decrypt an iPhone 5S IMG4 SEP firmware image when used in combination with xerub’s img4lib tool. Another tool by xerub sepsplit can be used to extract binaries from the firmware image.
In their technical documentation, Apple lists the iDevices where the SEP chip finds some space. These include iPhone 5S, iPad Air, iPad Mini 2/3 running the A7 chip, Apple Watch Series 2 (Apple S2 chip), and A-series processors released thereafter.
A Unique ID (UID) number is generated in devices featuring A9 (iPhone 6S, 6S Plus, SE, and iPad 2017) and later chips. This ID is kept aside from the rest of the operating system.
The UID is used to create a temporary key on device startup, which encrypt’s the memory assign to Secure Enclave and authenticates the chip’s memory whenever required, except on A7 devices.
There isn’t much to panic as the decryption key is for iPhone 5S released almost four years ago. In the mean time, Apple has improved their security system a lot.
Sudo Security Group’s CEO Will Scratch thinks the availability of the decryption key can help various security researchers in getting a greater into the firmware. He also said the “key being available does not reduce security of the Secure Enclave in any way.”
“Secure Enclave has the main task of protecting sensitive content, but the firmware decryption key is more comparable to ‘obfuscation’ rather than anything related to protection of the actual content stored.”
Apple’s security implementations have been an unconquered territory for many experts. We did saw the caliber of Apple’s security tech when FBI tried to access the iPhone 5C of the San Bernardino case shooter in early 2016. Even though they managed to crack the device, it was a tedious effort.
