A hacker has decrypted the iPhone's security chip, but your data is still safe
by Kaloyan C. / Aug 18, 2017, 8:56 AM
In order to make Touch ID on the iPhone 5s and onward secure, Apple introduced a fairly opaque piece of technology to its devices — the so-called Secure Enclave Processor (or SEP in short). This, in simple terms, is a piece of hardware found in almost every Apple-made device since the 5s which is used to keep users' private data (think passwords, fingerprints, and everything else that requires cryptography) secure, taking the form of a tiny coprocessor kept completely isolated from the rest of the device.
And up until now, the SEP has been a black box to pretty much everyone outside of Apple, as the firmware governing it has been encrypted — or in other words, no one could even see what the processor is actually doing. However, this layer of security has now been compromised, following the public release of the decryption keys by a hacker going by the name xerub on GitHub.
And while this may sound like grim news, it really isn't — user data processed by the SEP is still safe, since the only thing that's been exposed is the firmware that runs on the chip that protects said data. In fact, one might argue that now that it can be accessed, the firmware can be probed by security researchers, and issues not uncovered by Apple (if there are any, that is) can be patched in time, before they're exploited by a malicious third party.
In fact, Apple doesn't seem particularly worried about the release of the keys — an unnamed Apple employee speaking with TechRepublic claimed the company doesn't plan on issuing a fix to the SEP's firmware at this point. Or in other words, don't panic about your security being compromised just yet.
Posts: 90; Member since: Mar 01, 2016
Well, this is how it usually starts...:)
posted on Aug 18, 2017, 9:12 AM 3
Posts: 614; Member since: Jul 15, 2010
I imagine the reaction of Phonearena if it was Android failure. Really fanboy site.
posted on Aug 18, 2017, 9:29 AM 16
Posts: 4063; Member since: Jul 23, 2013
Can you see how hard they're trying to spin this? iPA: "LOOK GUYS, it's a feature, now people can do Apple's job for them by telling them about their failures." And then they go on to happily explain that Apple will do exactly what they do when exploited... nothing (which is also good for you apparently).
posted on Aug 18, 2017, 4:12 PM 2
Posts: 7368; Member since: Mar 16, 2013
Well I am waiting for the Apple zealots like kiko007, mikehunta727, cnour, and others to defend iOS, and tell everyone it's safe. Or they will say it's still the safest and most secure OS. Yeah, right. Oh, if anyone is interested here is a hack that anyone can do to break into anyone's iPhone 7/7+. https://youtu.be/IXglwbyMydM
posted on Aug 18, 2017, 9:29 AM 11
Posts: 2115; Member since: Dec 27, 2016
Translation; iPhones can't be hacked, least of all by idiots like Wickedsamaritan and trojanhorse, so they'll deflect. Don't worry girls, I've got plenty of butthurt ointment I'd love to spread on your sweet holes. LMAO!!!!
posted on Aug 18, 2017, 1:56 PM 1
Apple zealot? Are you okay? I live in objective reality and look at things objectively, I can give credit where it's due because I ain't no fanboy for anything. All they did with the 5S SEP is decrypt the software running on the enclave, they can't unlock the enclave at all still, the door is still locked, like a room with windows, you can see inside but can't get in still This currently only affects the 5S and doesn't give up the data inside still And yeah that's cool, you showed me a box hacking a iPhone.. things like this will get patched nearly immediately for the user base and get more fortified. It doesn't matter what you link me because it doesn't change the fact that iOS is regarded as being more secure Latest version of Android is quite secure from what it used to be but it still is missing some important security features that were in iOS 5, years ago. Here, let the CEO of Zerodium talk actually (bigest blackhat hacking group out there in the world) ; https://arstechnica.com/inform
"Prices are directly linked to the difficulty of making a full chain of exploits, and we know that iOS 10 and Android 7 are both much harder to exploit than their previous versions," he told Ars. Asked why a string of iOS exploits commanded 7.5 times the price of a comparable one for Android he said: "That means that iOS 10 chain exploits are either 7.5 x harder than Android or the demand for iOS exploits is 7.5 x higher. The reality is a mix of both."
"A controversial broker of security exploits is offering $1.5 million (£1.2 million) for attacks that work against fully patched iPhones and iPads, a bounty that's triple the size of its previous one.
Zerodium also doubled, to $200,000, the amount it will pay for attacks that exploit previously unknown vulnerabilities in Google's competing Android operating system
$1.5 million for each iOS exploit vs $200,000 for Android vulnerability.
User base being able to receive update same day globally is a big advantage also. Common sense. Us folks at r/Android can actually have serious dialogue over iOS vs Android without zealoting out and keeping a closed mind and eye to each advantage/disadvantage. It's normal when you're an all-around technology lover and not a fanboy and love one thing only
Logic > past your head
Get some good rest now godsell
posted on Aug 18, 2017, 11:00 AM 3
Half is quotes, from Zerodium's CEO. A bit clear that you didn't read it but honestly I could care less if you did or didn't I don't usually bother but sometimes you just got to put some people in their place once in a while. No harm in that. Hopefully my posts can enlighten some actually because I remain neutral with technology and can have some constructive, objective dialogue about products, etc
posted on Aug 18, 2017, 11:45 AM 1
That's patched in iOS 11, which comes out to the whole user base in under a month. You're also forgetting that this hack is essentially useless because the passcode has to be changed within 10 minutes for the box to work, good luck finding a device with a passcode that has just been changed within 10 minutes of having it in your possession. It'll never happen. It's just a little cute bug that was found. Plus you need to steal the device to do it, that's even if before the device gets locked by activation lock from the owner of the device. It's completely useless in under a month. You can do the very same thing to Android devices without having to buy a $500 device. The situation is a lot worse on Android in terms of security of the whole user base
posted on Aug 19, 2017, 6:57 PM 0
This black box can't affect anyone at all in the real world because you'll never find a device that has had its passcode changed in that 10 minute window you have only to be able to hack through it with the box. After 10 minutes of the passcode being changed, the black box can't hack through it, aka useless and patched in iOS 11 which hits the billion plus user base of iOS next month
posted on Aug 19, 2017, 7:04 PM 0
Posts: 442; Member since: Dec 07, 2016
Guy captures retina of a person using hi def camera and prints it and uses some other stuff to fake iris scanner and people went crazy saying it's not safe bla bla bla. Guy hacks the security layer of coprocessor and people are like meh.. Apple might send an update to patch it.
posted on Aug 18, 2017, 9:38 AM 9
Posts: 4208; Member since: Nov 01, 2016
There are theories out there, especially since we haven't seen any mass replication of the iris hack, that the original demonstration of the virus back could have been actually done by training the iris sensor to recognize the fake iris in setup. Not sure if it's true and could just be conspiracy.
posted on Aug 18, 2017, 10:30 AM 0
Posts: 1354; Member since: Oct 05, 2011
Hold it right there!! Just hold it right there!! Think about this statement "And while this may sound like grim news, it really isn't — user data processed by the SEP is still safe, since the only thing that's been exposed is the firmware that runs on the chip that protects said data. In fact, one might argue that now that it can be accessed, the firmware can be probed by security researchers, and issues not uncovered by Apple (if there are any, that is) can be patched in time, before they're exploited by a malicious third party." It protects said data- It protects said data and has been hacked. Come on this is serious!!! Is PA assuming that it has not already been exploited? That is a big assumption I don't think anyone wants to even contemplate. "In fact, Apple doesn't seem particularly worried about the release of the keys — an unnamed Apple employee speaking with TechRepublic claimed the company doesn't plan on issuing a fix to the SEP's firmware at this point. Or in other words, don't panic about your security being compromised just yet." How many times have we heard this before? Wait!! Wait!! Wait!! When a company tells you not to panic it's time to panic. Remember Atena? They said the breach was small then later it was revealed that millions of records were compromised? Remember Target and Home Depot? They said the breach was small then later it was revealed that millions of records were compromised? Remember United Health Care? They said the breach was small then later it was revealed that millions of records were compromised? The point is everyone should start by checking their information, credit cards, bank accounts and place fraud alerts immediately. Again we should learn from history that when a big corporation gets hacked (Google, Samsung, Microsoft, Apple etc.) that has our information they will always play it down and tell us not to panic but meanwhile behind the scenes they are scrambling to get a grip on just how bad things are before they release their first press statement that indeed a few thousand accounts were accessed but it was all stale info. Then six months later they drop the bomb that millions were affected and that their users should check their credit and accounts for fraudulent information which by that time it's too late. So PA should know better than this and be telling its users to please keep an eye on their accounts.
posted on Aug 18, 2017, 10:00 AM 1
Posts: 1251; Member since: Dec 03, 2014
This is hilarious....iphone component gets hacked and it is a positive thing
posted on Aug 18, 2017, 10:02 AM 8
Posts: 1354; Member since: Oct 05, 2011
I don't get it, this is seriously wrong. I don't think if Knox was compromised that PA would be downplaying it and neither should they as this is serious stuff. It's not an iris scanner or a PIN but the actual stand-alone processor that seems to be responsible for the very encryption on the device.
posted on Aug 18, 2017, 11:48 AM 1
Posts: 7432; Member since: Dec 02, 2011
All hacks are positive, because they teach the producers to do better security systems.
posted on Aug 19, 2017, 2:40 AM 0