A hacker has decrypted the iPhone's security chip, but your data is still safe


In order to make Touch ID on the iPhone 5s an onward secure, Apple introduced a fairly opaque piece of technology to its devices — the so-called Secure Enclave Processor (or SEP in short). This, in simple terms, is a piece of hardware found in almost every Apple-made device since the 5s which is used to keep users' private data (think passwords, fingerprints, and everything else that requires cryptography) secure, taking the form of a tiny coprocessor kept completely isolated from the rest of the device.

And up until now, the SEP has been a black box to pretty much everyone outside of Apple, as the firmware governing it has been encrypted — or in other words, no one could even see what the processor is actually doing. However, this layer of security has now been compromised, following the public release of the decryption keys by a hacker going by the name xerub on GitHub.

And while this may sound like grim news, it really isn't — user data processed by the SEP is still safe, since the only thing that's been exposed is the firmware that runs on the chip that protects said data. In fact, one might argue that now that it can be accessed, the firmware can be probed by security researchers, and issues not uncovered by Apple (if there are any, that is) can be patched in time, before they're exploited by a malicious third party.

If fact, Apple doesn't seem particularly worried about the release of the keys — an unnamed Apple employee speaking with TechRepublic claimed the company doesn't plan on issuing a fix to the SEP's firmware at this point. Or in other words, don't panic about you security being compromised just yet.

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless