Hacker Decrypts Apple's Secure Enclave Processor (SEP) Firmware

Hacker Decrypts Apple's Secure Enclave Processor (SEP) Firmware

Posted by · 14 comments · Add Comment
Me - August 20, 2017 at 12:23am
Who give a fuuuccvvkkkI want a jailbreak for iOS 11,
D4xM4Nx - August 18, 2017 at 6:39am
No biggie with this finding and public release, an update can and will close the hole. Apple Pay is a huge deal for everyone involved, the SEP has to stay impenetrable. In my opinion, the SEP should've never been touched since there's already access to the NFC chip, it's doable tho.
Raas Al Ghul - August 18, 2017 at 5:00am
Most of the comments you seem to be from people that do not understand what has been published yes Apple Pride themselves on security and compare to many other companies such as Samsung products Touch ID and the processor used to process the information related to it has been out for around four years and this is the first time something like this has been published that’s pretty good Apple can easily patch this via the update
Raas Al Ghul - August 18, 2017 at 5:12am
Imagine the Secure Enclave as a vault. Apple hung a big, dark curtain over it to prevent anyone from even seeing the vault. Now, that curtain has been opened and people can see the vault. The vault, however, is still locked as securely as ever. No one has broken into it and no one has even gotten any closer to breaking into it.
Why? - August 17, 2017 at 5:54pm
And what is the purpose of this guy publishing the key? Does it help consumers/users in any way, or was it a total dick move?
KGIII - August 17, 2017 at 8:20pm
That is how security works. We have no idea if others have done it and kept it hidden for nefarious reasons. This also enables more people to check for exploits.
Ledow - August 17, 2017 at 10:21pm
Every device has the same base key used in the same process. If one guy can discover this, then the "security" of that entire system, from the fancy sensors to the security processor itself, is useless against actual targeted attacks. Publishing the key: a) makes it easy to prove he's actually done it, b) prompts Apple to secure their system better and change a key that ANYONE could discover but which secures all their products, c) makes it possible to analyse the protocol that's hidden behind the key for stupid and obvious vulnerabilities (e.g. things Apple might have hoped nobody would ever discover because they wouldn't know the key), d) allows third-party repairs and components to Apple devices (at least, the potential for, temporarily, until they update it). Honestly, NOT publishing it isn't doing anyone any favours. Anyone who wanted to could read his method and follow the same path to get the same keys. Anyone who has the key now will be required to change it (if Apple have half-a-brain). It's like saying "Why publish the CSS key for DVD playback?" - because it's not "secure" at all, proven by the fact that someone obtained the key, and anyone with the same amount of technical skill could do the same and put it on the web or secretly use it against you too. Rather than "security by obscurity" (i.e. let's pretend it never happened and try to scrub all traces of the key from the Internet), when a key is compromised, it should be revoked, reissued, and the design reconfigured so that it's not as easy to compromise the next device. Otherwise you are quite literally just saying "Sshh, we know it's useless, security-wise.... don't tell anyone!".
xerub - August 17, 2017 at 10:28pm
Well put, sir.
Paul - August 17, 2017 at 1:48pm
Apple will fix this alleged security breach. They have built their reputation on security. I refuse to think otherwise.
Reader - August 17, 2017 at 2:18pm
You just have to believe in Apple! Sounds like a religious thing for you
Well... - August 17, 2017 at 3:02pm
Once the hardware encryption keys are compromised, there's nothing Apple can do besides change the way the keys are decrypted on the iPhone 8, because it's not software it can't be updated in a software patch.
Wm - August 17, 2017 at 10:04pm
It can. The package only has to be signed by the master key, same as an IPSW package for the general OS. Updating the SE is ultimately not more complicated than updating the baseband.
odedoo1 - August 17, 2017 at 1:15pm
There goes what Apple have built their name on " SECURITY"
komo - August 17, 2017 at 7:55am
The way to steal from apple pay
Prev1 of 1Next