On Wednesday, a hacker by the name “xerub” released a decryption key for Apple’s Secure Enclave Processor (SEP). This has sparked fears that iPhone encryption has been compromised. It hasn’t, but there has been—as iMore puts it—fear, uncertainty, and doubt surrounding the issue. Here is everything we know about the Secure Enclave hack, and what it means for the security of the iPhone.
Secure Enclave Processor
First, let me say loud and clear that the iPhone’s encryption is as strong as it’s ever been. This hack doesn’t necessarily mean hackers can break into your iPhone or iPad and steal your data. The Secure Enclave is a coprocessor included in the Apple S2, A7, and later A-series chips, and was introduced in 2013 along with Touch ID in the iPhone 5s.
The SEP includes encrypted memory, as well as a hardware random number generator. It’s used as part of the secure boot process, and it’s responsible for processing your fingerprint data from the Touch ID sensor, as well as keeping Health data and Apple Pay financial data safe. In short, it’s a very important part of the hardware security architecture for Apple’s devices.
Speaking of the iPhone 5s, that’s what xerub was working with. Code for the SEP is similar across devices, but not the same. And the cryptographic keys it generates are absolutely different across devices.
The Secure Enclave is isolated from the rest of the system. It’s like having a house where the windows are blacked out. The decryption means that now we can look through the windows, but we still can’t get in. And the decryption only works on the iPhone 5s, although it’s possible the code could be modified for other models.
This isn’t necessarily a bad thing. In the security world, openness is good. It sounds counterintuitive, because shouldn’t you hide your code from everyone? Maybe some code, but not code that involves security. If you have thousands of security researchers going through your code, they could potentially spot vulnerabilities and other weaknesses, and help you by telling you about them.
Additionally, if everyone can see your code, it’s not possible to hide a secret backdoor either. Researchers would see it. Now, openness also means that the bad guys can look at your code, too. And it’s possible a malicious hacker could spot a hole in the code and not tell anyone, while creating an attack for it and selling it as a zero-day exploit. But with thousands of good guys looking for these holes, they will be found and fixed.
And that is the reason why xerub publicly released the decryption key (via TechRepublic):
“The fact that [the SEP] was hidden behind a key worries me. Is Apple not confident enough to push SEP decrypted as they did with kernels past iOS 10?… Obscurity helps security—I’m not denying that [but] I think public scrutiny will add to the security of SEP in the long run.”
Additionally, an anonymous source at Apple told TechRepublic:
“There are a lot of layers of security involved in the SEP, and access to firmware in no way provides access to data protection class information… It’s not an easy leap to say it would make getting at customer data possible.”
For now, Apple hasn’t announced plans to release a patch for this. The windows to the house will remain see-through, but impenetrable. I’m sure Apple is continuously looking for ways to improve device security, and who knows? Maybe we’ll see a Secure Enclave 2.0 in the future.