The Apple Secure Enclave is an ARM-based coprocessor that enhances iOS security, but on Thursday a hacker published what he says is the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware.
According to Apple technical documentation, the Secure Enclave coprocessor is built into Apple S2 (Watch Series 2), A7 (iPhone 5S, iPad Air, Mac Mini 2 and 3), and subsequent A-series chips.
The coprocessor generates the Unique ID (UID) number and keeps it segregated from the rest of iOS for all devices powered by the A9 (iPhone 6S, 6S Plus, SE, and 2017 iPad) and later generations of silicon,
The Secure Enclave also handles the authentication process based on fingerprint gathered through the device’s Touch ID sensor.
The hacker, who goes online with the moniker “xerub” explained that the decryption key unlocks only the SEP firmware, and not user data. xerub published the key also on GitHub and to the community website iPhone Wiki.
“Everybody can look and poke at SEP now,” xerub said.
— ~ (@xerub) August 16, 2017
The key allows to decrypt and explore the encrypted firmware code, a gift for experts and hackers that can have more information about the iOS platform.
Using the key in conjunction with xerub’s img4lib it is possible to decrypt an iPhone 5s IMG4 SEP (Secure Enclave Processor) firmware image. The decrypted data can be analyzed with a tool called sepsplit to extract the executable binaries from the image.
Since the release of the iPhone 5s in 2013, Apple has introduced many security improvements and others are announced with the forthcoming devices and OS 11.
At the 2016 Black Hat, a group of security researchers made an interesting presentation on the Apple’s Secure Enclave providing some high-level technical details about its design and security features.
(Security Affairs – Secure Enclave chip, Apple)