Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Claims To Have Decrypted Apple's Secure Enclave Processor Firmware (iclarified.com)

Posted by BeauHD on from the mobile-security dept.

According to iClarified, a hacker by name of "xerub" has posted the decryption key for Apple's Secure Enclave Processor (SEP) firmware. "The security coprocessor was introduced alongside the iPhone 5s and Touch ID," reports iClarified. "It performs secure services for the rest of the SOC and prevents the main processor from getting direct access to sensitive data. It runs its own operating system (SEPOS) which includes a kernel, drivers, services, and applications." From the report: The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but can't read it. It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption. Today, xerub announced the decryption key "is fully grown." You can use img4lib to decrypt the firmware and xerub's SEP firmware split tool to process. Decryption of the SEP Firmware will make it easier for hackers and security researchers to comb through the SEP for vulnerabilities.

4 of 111 comments (clear)

  1. Re: Honest Question by Anonymous Coward · · Score: 3, Informative

    Will firstly there is no vulnerability here.

    This does not effect the ability of the secure enclave to protect the user, it does not help law enforcement or any one to crack user data.

    This is simple the code of what it does. If upon examination someone finds a vulnerability, then presumably they will let apple know...

  2. Re:Honest Question by turkeydance · · Score: 4, Informative

    to get a job. (either ethical or criminal) "i did this, which means i'm good". show me the money.

  3. Re: Honest Question by Anonymous Coward · · Score: 2, Informative

    Because just saying "look at this bug I found" gets you ignored.
    If you want the problem solved, you give everyone a tool to exploit it for the quickest fix. Also, even going that far, you may still be ignored.

  4. Re:This is great! by cryptizard · · Score: 5, Informative

    To clarify though, no security was actually broken here. All he did was decrypt an obfuscated portion of the firmware. This may lead to some vulnerabilities in said firmware being discovered, but as of yet iOS is just as secure as it was yesterday.