Apple’s impenetrable security chip is penetrated by hacker


[Photo: Touch ID. Caption: "But don't freak out just yet!" Photo credit: Apple]

Apple’s supposedly impenetrable security chip found inside iOS devices has been penetrated.

A hacker has released what is claimed to be a decryption key for the Secure Enclave Processor (SEP) that handles things like Touch ID and password verification. But we shouldn’t worry about the security of our Apple devices being compromised… yet.

Introduced with the A7 processor and iPhone 5s, the SEP is where Apple stores your Touch ID fingerprint data. It’s used to verify passwords and Apple Pay transactions, and manages all kinds of other security processes in iOS.

Using a dedicated chip for this separates the processes from the rest of the system, making everything more secure. Even if iOS is hacked and hackers gain access to your data, they cannot access the information stored on the SEP.

The SEP generates a Unique ID (UID) for your device for authentication purposes, and changes it every time your device reboots. However, this is about as much as we know about it so far; Apple is understandably tight-lipped about exactly how it works.

But a hacker, known as Xerub on Twitter, claims to have obtained the SEP’s decryption key, and has uploaded it to GitHub — along with the code required to process it. Don’t freak out just yet!

This key cannot be used to hack into an SEP and retrieve the data from it. It could be used to monitor how the SEP works and to find out all the information Apple won’t tell us. In turn, this information could be used to reverse-engineer the chip and gain access to its data.

Xerub explains, however, that a lot of work would have to go into making this happen, and then exploiting the decrypted firmware. For now, the key cannot be used for much, and Apple is confident our data is secure. An unnamed source told TechRepublic:

There are a lot of layers of security involved in the SEP, and access to firmware in no way provides access to data protection class information. It’s not an easy leap to say it would make getting at customer data possible.
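To make the layering argument concrete (the per-device UID described earlier and the "access to firmware in no way provides access to data protection class information" point above), here is an added toy model in Python. It is not Apple's code, Xerub's code, or anything from the leaked firmware: the cipher is a minimal HMAC-SHA256 counter-mode keystream standing in for AES so the example runs on the standard library alone, and every key, UID, nonce and data value is constructed here. The model has two independent layers: a firmware image encrypted under one class-wide key shared by every device (so a single leaked key decrypts the image everywhere), and user data encrypted under a key derived from a per-device secret plus the passcode that never appears in the firmware.

```python
"""Toy model (added example, not Apple's design): a leaked firmware
decryption key exposes the firmware image but not user data, because
the data key is derived from a per-device secret the firmware never
contains. The stream cipher below is a stand-in for AES; all values
are constructed for the demonstration."""
import hashlib
import hmac
import os


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-and-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, nonce || block index) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


# Constructed: one firmware key for the whole device class, and a fake image.
FIRMWARE_CLASS_KEY = hashlib.sha256(b"constructed shared firmware key").digest()
FIRMWARE_PLAINTEXT = b"sep firmware: verify_passcode(); release_class_key();"


def build_firmware_image(plaintext: bytes = FIRMWARE_PLAINTEXT) -> bytes:
    """Firmware as shipped: encrypted under the shared class key."""
    return keystream_xor(FIRMWARE_CLASS_KEY, b"fw-nonce", plaintext)


class SecureEnclaveModel:
    """Per-device model: the UID is fixed at 'manufacture' and never exported."""

    def __init__(self, uid: bytes):
        self._uid = uid

    def data_key(self, passcode: bytes) -> bytes:
        # Key material tied to this chip AND the user's passcode.
        return hkdf_sha256(self._uid + passcode, salt=b"device-key", info=b"data-protection")

    def protect(self, passcode: bytes, plaintext: bytes) -> bytes:
        return keystream_xor(self.data_key(passcode), b"data-nonce", plaintext)

    def unprotect(self, passcode: bytes, ciphertext: bytes) -> bytes:
        return keystream_xor(self.data_key(passcode), b"data-nonce", ciphertext)


def leaked_key_decrypts_firmware(image: bytes) -> bytes:
    """What the leaked class key buys: the firmware plaintext, on any device."""
    return keystream_xor(FIRMWARE_CLASS_KEY, b"fw-nonce", image)


def leaked_key_decrypts_data(blob: bytes) -> bytes:
    """Applying the firmware key to a protected blob yields only garbage."""
    return keystream_xor(FIRMWARE_CLASS_KEY, b"data-nonce", blob)


def demo() -> dict:
    """Run the four cases and report which ones recover the plaintext."""
    device = SecureEnclaveModel(uid=os.urandom(32))
    secret = b"user's diary entry"
    blob = device.protect(b"1234", secret)
    other_device = SecureEnclaveModel(uid=os.urandom(32))
    return {
        "firmware_recovered": leaked_key_decrypts_firmware(build_firmware_image()) == FIRMWARE_PLAINTEXT,
        "data_with_firmware_key": leaked_key_decrypts_data(blob) == secret,
        "data_with_passcode_on_device": device.unprotect(b"1234", blob) == secret,
        "data_with_passcode_other_device": other_device.unprotect(b"1234", blob) == secret,
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'plaintext recovered' if ok else 'not recovered'}")
```

Only the first case succeeds: the shared firmware key decrypts the image on every device, which is exactly what the leak enables, while the data blob stays opaque without both the right chip's secret and the passcode. The shared-key-for-firmware versus per-device-key-for-data split is the distinction the article draws; how Apple actually derives and wraps keys inside the SEP is not described on this page and is not modelled here.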

The fact that the SEP was decrypted in the first place is a worry, Xerub says. It suggests Apple isn’t as confident in it as it is in iOS itself, which has shipped with a decrypted kernel since iOS 10.

“He added that while SEP is amazing tech the fact that it’s a ‘black box’ adds very little, if anything to security,” reports TechRepublic. “‘Obscurity helps security — I’m not denying that,’ he said, but added that relying on it for security isn’t a good idea.”

Public scrutiny, which is enabled by releasing the decryption key or shipping the SEP decrypted in the first place, only enhances its security in the long run, he added. Making it easier for hackers to find flaws in turn makes it easier for Apple to identify and eliminate them.

  • tjwolf

    Shameful clickbait title – the only thing that’s been hacked is the encryption that obfuscates the code on the chip. Still can’t get into the chip, can’t see the data, nothing!

    • oriorda

      I bet you 99% of the coverage of this non-event fails to state the point you make so eloquently. Such is the parlous state of the ‘news’ coverage inflicted on us these days.

  • Bespin

    Apple “security” suspect with encrypted contents of HomePod firmware leak being rather easily decrypted recently, now this.

    • oriorda

      You need to educate yourself before shooting your mouth off.

      • Bespin

        Do you want to go deep into network security? Do you wanna go into the CIA triad? Do you wanna go into non-repudiation? Would you like to discuss at length with me? Because guess what? I am an expert in network security, so you better. Just go tuck your tail between your legs and think about what happened. Apple released data that they intended to secure and it was decrypted. That’s a big issue. Peace out.

      • oriorda

        Ooh! I’m terrified. An expert would know more than you indicate in your reply. Anyway, let’s not get into a contest. I’ll concede you have a point. It would be better if the hacker hadn’t found his way into being able to look at the safe. Satisfied?

      • Bespin

        It’s a cluster fk. Apple sells security as a sales tool. Yet time after time they fail. The single fact that they used one key for all devices shows they have little experience in securing anything. Security 101: do not use the same key. You might think it’s no biggie… It is. Look at Black Hat: a custom Raspberry Pi can crack most common brink safes in 20 min. Seeing the safe is a big thing.

  • AAPL.To.Break.$155.Soon.>:-)

    Is there any security device that can’t be broken if someone tries long and hard enough? Does this mean that the iPhone’s security is easier to break into than the average Android smartphone? What’s Android’s equivalent to the SEP? They seem to be making a big deal out of this, so just how serious is it?

    • oriorda

      Think of it like this: you have your jewels locked in a super secure safe. You can advertise the location of the safe, or you can hide it behind a secret panel as a first barrier. Makes sense, doesn’t it? It’s standard procedure in a good cryptographic environment to layer your security; that’s Apple’s approach: hide the safe behind a secret panel. This hacker Xerub has discovered how to open the secret panel, so now he can see the safe. He’s no nearer to cracking the safe.

  • darryl

    Shameful clickbait title – the only thing that’s been hacked is the encryption that obfuscates the code on the chip. Still can’t get into the chip, can’t see the data, nothing!