Hacker decrypts Secure Enclave firmware

Anthony Caruana
18 August, 2017
View more articles fromthe author
AAA
Security

The Secure Enclave chip in your iPhone, iPad or recently released MacBook Pro is a core part of Apple’s system security. That chip is used to verify lots of secure interactions, such as when you use a fingerprint to unlock a device or an app or complete an Apple Pay transaction.

Touch ID on an iPhone 5s.

A hacker, going by the Twitter handle @xerub, says he/she has been able to decrypt the software running on the Secure Enclave chip. That means, with further effort, a hacker could reverse engineer how the chip works and compromise the secure operation of Apple’s hardware and software.

This is a significant development but isn’t, yet, a cause to panic. Every device using the Secure Enclave chip is assigned a unique identifier that is used to create encryption keys on your device. So, for someone to access your secure data and somehow compromise the integrity of transactions they will, in all likelihood require physical access to your device.

I have always said physical access can overcome almost all logical security. This appears to still be the case, although it will remain difficult for threat actors to exploit @xerub’s work. In other words, this is a small but significant step for hackers.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us