The rising cyber-crimes have made the secure seem insecure. Apple is the latest target to such security breach. To say, Apple had paved the way to the Touch ID fingerprint sensor in 2013 with iPhone 5S. It had since been exploited for secure unlock of device alongside payment authentications. However, this very component, classed under Apple’s Secure Enclave is now under cyber threat.
Secure Enclave Processor (SEP) is a co-processor incorporated in the S2, A7 and later A-series chip-sets. It is noted to power the iPhone 5S, iPad mini 2, iPad Air, iPad mini 3, and Apple Watch Series 2. The SEP is not linked to the main operating system. Yet it houses all the cryptographic operations for managing the Data Protection Keys.
This high-end security feature came built-in with the iPhone 5S. It generates a Unique ID for every Apple device to kick-start the authentication process. This is automatically changed when the system is rebooted. Also, at the same time it is hidden from the rest of the system parts. Thus, it allowed for tighter security of iPhones, iPads, Apple Watches and many more.
The recent uncovering of the iOS firmware’s decryption keys has left the Apple in dismay. The hack undertaken by Xerub (probably a pseudonym) reveals the decryption keys of Apple’s SEP software. The alleged Xerub took to Twitter to disclose the information.
key is fully grown https://t.co/MwN4kb9SQI use https://t.co/I9fLo5Iglh to decrypt and https://t.co/og6tiJHbCu to process
— ~ (@xerub) August 16, 2017
This new finding has ushered security researchers and cyber thieves to easily break into the Apple devices. They can now gain access to a previously encrypted iOS component.
Despite that, Xerub claims that no Apple user data is under danger. Surveillance companies too can look out for bugs in the Apple iOS using the decrypted keys. It can be used to dig into the vulnerabilities of the system. While the user data would not be at stake.
Nevertheless, Apple needs to immediately work on this issue before some brainy hacker tries to steal all confidential information from a device, which might include the banking credentials as well.
