Hacker Claims To Have Decrypted Apple's Secure Enclave Processor Firmware (iclarified.com)
Date: 2017-08-17
According to iClarified, a hacker by the name of "xerub" has posted the decryption key for Apple's Secure Enclave Processor (SEP) firmware. "The security coprocessor was introduced alongside the iPhone 5s and Touch ID," reports iClarified. "It performs secure services for the rest of the SOC and prevents the main processor from getting direct access to sensitive data. It runs its own operating system (SEPOS) which includes a kernel, drivers, services, and applications."

From the report: The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but can't read it. It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.

Today, xerub announced the decryption key "is fully grown." You can use img4lib to decrypt the firmware and xerub's SEP firmware split tool to process. Decryption of the SEP Firmware will make it easier for hackers and security researchers to comb through the SEP for vulnerabilities.
Not really a surprise (Score:2)
While this is clearly an advanced exercise, there are enough people with the smarts, the education and the opportunity needed to do this. And since they make an instant name for themselves in the security community, there is also ample motivation.
So congratulations! But really, it was only a question of time.
Great news for law enforcement ... (Score:3)
I've long been thinking that we need a time limited storage system for our secrets like encryption keys.
I'd suggest storing such data in SRAM. A small capacitor can keep it powered (only needs nanoamps to maintain).
If the phone is powered off for too long or powered but the user doesn't enter the passkey for a day or two it wipes itself.
Prevents this kind of attack, prevents any kind of slow attack in fact.
I like this plan, but the SRAM itself should still be encrypted with the device key HMAC'd with some other identifier as well (PIN ideally).
New standard procedure: Clip this thing onto that circuit board until the nerds arrive with their magic box.
Suicide chips were common for a long time. And although effective, they are MUCH more trouble than they're worth.
For example, you'll lose ten times more "genuine" evidence (e.g. witnesses willingly handing their phones over for evidence, then the chip dying while in court storage) than anything you'll save on personal privacy.
Not to mention, get one duff battery/capacitor and one day your phone just stops working permanently with no possibility of restoration whatsoever.
This isn't an attack stopped by a suicide
It's certainly not for everyone. The clock thing is a non-issue though. Ultra low power RC oscillator on chip, only +/-30% but that's all you need to measure a couple of days approximately. Protected the same way as the secure enclave.
This is great! (Score:2)
What people aren't grasping is that this is actually good news. When someone breaks security, it forces the device maker to improve their security tactics (lest they be considered insecure devices). The result is that people will get better security. The same is not true about cell towers because telecom companies don't care if your shit is insecure.
