today-is-a-good-day

Hacker Claims to Decrypt Apple’s SEP Firmware

Reportedly, a full decryption key for Apple’s Secure Enclave Processor (SEP) firmware has been released by a hacker known by the handle xerub.

The importance of the SEP is of such magnitude due to it handling Touch ID transactions and being isolated from the rest of its host device that, if this hack proves to be true, it could be a major blow to iOS security. Any kind of Apple device you have doesn’t know what’s going on in the SEP, which means no one else does, either, but that might change today. Because if the firmware code is exposed, SEP vulnerabilities will be hunted down and used maliciously.

Back to the iPhone 5S, with which came the Touch ID, a tiny coprocessor was put in the main S-series and now A-series processor chip. The coprocessor in question runs on its own entirely, with a separate OS, separate updates and all of its doing being hidden from the rest of the device.

One of the key points of the SEP is its generation of the device’s Unique ID (UID). That UID is moreover secured by tangling it up with an ephemeral key that is replaced every time the device is rebooted.

The reason for the existence of the SEP is to protect the UID, and that is why all Touch ID actions such as password verification and similar security processes happen in the SEP.

Now that the SEP’s firmware code is exposed to the rest of the world, due to the efforts of the hacker xerub, you can find the key here, and this GitHub repository contains what you need to decrypt it, and this one has the tools to process it.

xerub said that it worries him that Apple had the SEP hidden behind a key. He believes that SEP is an amazing tech but because it is a black box, its obscurity doesn’t add too much for security.

He also said that expert hackers won’t be stopped by black boxes, instead just slowed down a bit. In the long run, xerub believes that the public exposure will only add to the security of SEP. It will be just another arms race between hackers and tech companies that will ultimately lead to a safer user program.

The decryption of the SEP’s firmware is a big deal for both sides. xerub said that it could be possible, though very hard to watch the SEP do its work and reverse engineer its process, gain access to passwords and fingerprint data, and go even further toward rendering any security relying on the SEP completely ineffective.

As he said, the decryption of the firmware itself doesn’t mean that the user data gets decrypted at the same time, instead, it involves a lot of additional work. In short, xerub doesn’t think that his decryption will be going to have a massive impact.

An Apple spokesperson that will not be named stated that this doesn’t directly impact the customer data since they are a lot of layers of security in the SEP. The source added that it would be a leap to say that this decryption would make it possible to reach the customer data.

Apple does not plan to roll out a fix at this time.

Ali Raza
Ali Raza
Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master degree and actively writes about crybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of SpyAdvice.com, too, a site dedicated to educating people on online privacy and spying.

More from author

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Related posts

Advertisment

Latest posts

7 Best Work from Home Apps for Moms

Being a mom is a job in itself. Between taking care of the kids, keeping up with household chores, and trying to squeeze in...

Top 9 Ways Technology is Helping Global Trade

If you are in a global business, utilizing technology is a surefire way of growing your business and increasing your customer base. Today, you...

7 Ways Technology Is Going To Transform Lead Generation

 In the ever-growing world of digital marketing, the ability to generate quality leads remains the most important ROI driver. Both inbound and outbound lead...