Apple won’t release a fix for Secure Enclave’s exposed decryption key

August 18 14:56 2017

Following yesterday’s posting on GitHub of the decryption key protecting the firmware that runs on the iPhone 5s’s Secure Enclave coprocessor, an Apple source has reportedly said that any customer data stored in the cryptographic coprocessor remains protected and that the company does not intend to roll out a fix at this time.

TechRepublic interviewed the hacker “xerub” who posted the decryption key.

He explains that decrypting the Secure Enclave firmware could theoretically make it possible to watch the cryptographic coprocessor do its work and perhaps reverse-engineer its process, but warned that “decrypting the firmware itself does not equate to decrypting user data.”

That’s why an Apple source who wished to remain unidentified told the publication that the key’s exposure doesn’t directly compromise customer data. “There are a lot of layers of security involved in the Secure Enclave and access to the firmware in no way provides access to data protection class information,” said the Apple source.

The statement may be interpreted as a sign of Apple’s confidence that analysis of the Secure Enclave firmware will in no way compromise any passwords, encryption keys, payment tokens, fingerprint data and other information kept securely in the coprocessor’s own encrypted memory.

Had Apple felt that the exposure of the decryption key would make Touch ID hacks, password-harvesting scams or other attacks possible, it would surely have released a fix as soon as possible.

To that effect, the unnamed Apple source added that it’s “not an easy leap to say it would make getting at customer data possible.”

The hacker opined that Apple should not have encrypted the Secure Enclave firmware in the first place, reminding us that the company no longer encrypts the iOS kernel as of iOS 10.

The fact that the Secure Enclave was hidden behind a key worries me. Is Apple not confident enough to push the Secure Enclave firmware decrypted as they did with kernels past iOS 10?

The fact that the Secure Enclave is a “black box” adds very little, if anything, to security. “Obscurity helps security—I’m not denying that,” he said, but added that relying on it for security isn’t a good idea.

The Secure Enclave has its own encrypted memory and stores crucial encryption keys that protect your data. The exposure of the key allows security researchers with the expertise in this field to take a closer look at the software running on the coprocessor.

He posits that exposing the decryption key will add to the security of the Secure Enclave in the long run, noting that was also his intention with releasing the key.

“Apple’s job is to make the Secure Enclave as secure as possible,” he said. “It’s a continuous process. There’s no actual point at which you can say ‘right now it’s 100 percent secure.’ ”

The Secure Enclave is walled off from the main processor and the rest of the system.

Because it runs its own firmware, which is updated separately, is physically walled off from the main processor and confines all communication with the processor to an interrupt-driven mailbox and shared-memory data buffers, nothing the Secure Enclave does is known to the rest of the device.

Among the coprocessor’s tasks are verifying passcodes, handling communication with the Touch ID fingerprint sensor over a secure path, determining whether there’s a positive fingerprint match, authorizing Apple Pay payment transactions, generating the device’s Unique ID (UID), encrypting and decrypting data as it’s written to and read from the file system, and more.

Image top of post: Secure Enclave (smaller rectangle) embedded in the A7 chip inside iPhone 5s
