iphone 5s touch idA hacker released what he claimed to be a firmware decryption key for Apple's Secure Enclave on Thursday, initially sparking fears that iOS security had been compromised.

Apple's Secure Enclave Processor (SEP) handles all cryptographic operations for the Apple Watch Series 2, the A7 processor that powers the iPhone 5s, the iPad Air, the iPad mini 2 and 3, and subsequent A-series chips. The encrypted SEP is completely isolated from the rest of the system and handles Touch ID transactions, password verifications, and other security processes on a separate OS to maintain data protection integrity even if the kernel has been compromised.

One of the ways the SEP does this is by generating a Unique ID (UID) for each device for authentication purposes. The UID automatically changes every time a device is rebooted and remains unknown to other parts of the system, further enhancing its security.

Beyond that, little is known about how the SEP actually works outside of Apple, but that's by design – the enclave's isolation serves to obfuscate it from the rest of the system, preventing hackers from rifling through its code to make it as secure as possible.


The decryption key posted on GitHub yesterday would not enable hackers to access data stored inside the Secure Enclave, but it could allow hackers and security researchers to decrypt the firmware that controls it and potentially spot weaknesses in the code.

Speaking to TechRepublic, the hacker that released the key claimed that Apple's effort to obfuscate the code was itself cause for concern.

"The fact that the SEP was hidden behind a key worries me," said xerub. "Is Apple not confident enough to push SEP decrypted as they did with kernels past iOS 10?" He added that while SEP is amazing tech the fact that it's a "black box" adds very little, if anything to security. "Obscurity helps security — I'm not denying that," he said, but added that relying on it for security isn't a good idea.

"I think public scrutiny will add to the security of SEP in the long run," xerub said, noting that was also his intention with releasing the key.

Xerub claimed it's theoretically possible that the decryption key could be used to watch the SEP do its work, which could potentially allow hackers to reverse-engineer its process and gain access to its contents, including passwords and fingerprint data. However, he admitted that a lot of additional work would need to go into exploiting the decrypted firmware.

It's still unclear what the longer term repercussions could be, but an Apple source who wished to remain anonymous told TechRepublic that the release of the SEP key doesn't directly compromise customer data.

"There are a lot of layers of security involved in the SEP, and access to firmware in no way provides access to data protection class information," they said. "It's not an easy leap to say it would make getting at customer data possible."

More accurately, it makes research into the structure of the SEP possible, which could allow hackers to find flaws in its workings. Apple said it did not plan to roll out a fix at this time.

Top Rated Comments

RichTF Avatar
49 months ago
This is why good security generally involves lots of layers, the "onion" strategy. Getting past one layer is a problem, but not one that (in isolation) is a meaningful security breach.

Another way to think of it — The SEP came out with the iPhone 5s 4 years ago. So this encryption layer has prevented 4 years worth of hacking attempts on the deeper layers, which is time Apple has most likely been spending improving those layers. It might also be possible for Apple to re-apply this outer layer in subsequent iPhones, or maybe even with a firmware patch, thereby resetting the clock again.

So yeah, it's unfortunate that it's been hacked, but I still feel relaxed about my iPhone's security.
Score: 19 Votes (Like | Disagree)
Kabeyun Avatar
49 months ago
As far as privacy and security go, I still sleep just fine at night in Apple's ecosystem.
Score: 10 Votes (Like | Disagree)
Northgrove Avatar
49 months ago
"Obscurity helps security — I'm not denying that," he said, but added that relying on it for security isn't a good idea.
No, it is not, but am I missing something here or is there no indication Apple is doing that? Just because they have now _added_ a layer of security doesn't imply that they're _relaxing_ another layer of security and not taking auditing their SEP code seriously?

I am absolutely certain that Apple's security experts have heard of the saying "Security through obscurity" and its fallacies... It is a fallacy to replace one with the other, but not use both in tandem.
Score: 7 Votes (Like | Disagree)
apolloa Avatar
49 months ago
It's only a matter of time, but this is what you get when hackers and script kiddies are never jailed for their crimes, hack the defence networks oh sure jail you, hack a mass market consumer device or steal millions of people's details and passwords then you get a slapped wrist, and a nicely paid job in a security firm....
Score: 7 Votes (Like | Disagree)
rtomyj Avatar
49 months ago
Only going to help the users out but;

How does he criticize apple for obfuscation of the SEP (makes it hard to read) claiming that Apple doesn't have confidence in it being uncrypted like it's kernels but then adds that right now there's no way of knowing if obfuscation is the only form of security. How can you criticize obfuscation as Apples plan for hackers when you don't know if that's all they do....
Score: 6 Votes (Like | Disagree)
thefourthpope Avatar
49 months ago
I'm going to go out on a limp and say . . .
Apropos of nothing, I love this typo.
Score: 5 Votes (Like | Disagree)

Top Stories

General Music and AirPod 3 Feature

Rumor: Apple to Announce Third-Generation AirPods and HiFi Apple Music Tier on May 18

Thursday May 13, 2021 10:32 pm PDT by
A new rumor suggests that Apple will announce the third-generation AirPods and the recently rumored HiFi, or high-fidelity Apple Music tier, on Tuesday, May 18, via a press release on its website. The new rumor comes from Apple YouTuber Luke Miani who shared the alleged exclusive news with the AppleTrack website. According to the YouTuber, Apple plans to release the next-generation AirPods...
apple park drone june 2018 2

Apple Fires Newly Hired Ex-Facebook Product Manager Following Revelations of Past Misogynistic Comments

Thursday May 13, 2021 12:10 am PDT by
Apple has fired Antonio García Martínez, an ex-Facebook product manager and author of the controversial book "Chaos Monkeys," following public and internal calls for removal and investigation due to past misogynistic statements, The Verge reports. Apple hired Martínez earlier this week to join its ads team, however, comments that Martínez made in the past sparked condemnation from users...
imac m1 blue isolated 16x9 500k

M1 iMac is Up to 56% Faster Than Prior-Generation High-End 21.5-Inch iMac

Wednesday May 12, 2021 10:03 am PDT by
Apple's M1 iMacs are set to start delivering to customers next week, and ahead of the official launch day, benchmarks for the machines have been showing up on Geekbench, likely from reviewers who are testing them. It will come as no surprise that M1 iMac benchmarks are right on par with benchmarks for the M1 MacBook Pro, MacBook Air, and Mac mini, coming in with an average single-core score...
2021 mbp hdmi slot 3d

2021 MacBook Pro Leaks Confirm Returning MagSafe and Ports

Friday May 14, 2021 3:06 am PDT by
Apple's upcoming MacBook Pro models are expected to feature a number of major changes such as larger display options and powerful new Apple silicon chips. Among the more surprising updates to this year's MacBook Pro models is the return of three ports that have been missing from the machines for over five years. Expected to come in 14- and 16-inch sizes, the 2021 MacBook Pro models are...
fortnite apple logo 2

Judge in Epic vs. Apple Case Floats Potential Compromise

Wednesday May 12, 2021 3:54 pm PDT by
In the ongoing legal battle between Apple and Epic Games, the two companies are this week calling up their expert witnesses to argue their points before Judge Yvonne Gonzalez Rogers, who will make a decision in the case after a three week trial. Expert testimony is not as exciting as some of the leaked App Store documents that were highlighted last week, especially as much of what's being...
google photos

PSA: Google Photos Unlimited Storage Ends Next Month, Here's How to Export Your Pictures to iCloud

Thursday May 13, 2021 5:26 am PDT by
For as long as it's existed, Google Photos has offered free unlimited storage for uploading images at a reduced yet good enough quality for most users. From June 1, 2021, however, all photos and videos uploaded to Google accounts will count against users' cloud storage. If you've been relying on Google to back up your media library, it may be time to move that content elsewhere. This article...
AirTag in Envelope Feature 2

AirTag Used to Successfully Track a Mailed Package Across the UK

Wednesday May 12, 2021 8:44 am PDT by
An Apple customer in the United Kingdom has successfully used Apple's Find My network to track an AirTag as it was being sent by mail to a friend in a completely different city. Outlined in a blog post at Intego, Kirk McElhearn said he taped an AirTag to a piece of card, wrapped it inside a small bubble envelope, and then sent it on its way. Kirk lives in the small town of...
m1 ipad pro chip

M1 iPad Pro Over 50% Faster Than Previous Generation in Early Benchmarks

Tuesday May 11, 2021 11:56 am PDT by
Last month, Apple introduced a new iPad Pro with the same M1 chip found in the latest Macs, and early benchmark results indicate that the M1 iPad Pro is over 50% faster than the previous-generation iPad Pro. Based on five legitimate Geekbench 5 results (here's the fifth) for the fifth-generation 12.9-inch iPad Pro with the M1 chip, the device has average single-core and multi-core scores of...
prosser macbook air colors stacked

Images Reveal Colorful New MacBook Air Design

Tuesday May 11, 2021 5:06 am PDT by
Apple's next MacBook Air will feature a completely new design and come in a range of colors like the 24-inch iMac, according to leaker Jon Prosser, who has now released supposedly accurate renders of the new machines based on leaked images. In a new video uploaded to YouTube channel Front Page Tech, Prosser elaborated on his previous prediction that Apple's next-generation MacBook Air models ...
iPhone 13 Camera Backs

iPhone 13 Models Will Be Slightly Thicker and Will Have Larger Camera Bumps

Monday May 10, 2021 10:41 am PDT by
Apple's upcoming iPhone 13 models will be slightly thicker than the iPhone 12 models and will also feature larger, thicker camera bumps with lenses that protrude less, according to iPhone 13 schematics seen by MacRumors. The new iPhone 13 and 13 Pro models are expected to feature a thickness of 7.57mm, up from 7.4mm in the iPhone 12 models. That's an increase of 0.17mm, which won't be hugely ...