Hacker Claims to Decrypt Apple’s SEP Firmware

Reportedly, a full decryption key for Apple’s Secure Enclave Processor (SEP) firmware has been released by a hacker known by the handle xerub.

The importance of the SEP is of such magnitude due to it handling Touch ID transactions and being isolated from the rest of its host device that, if this hack proves to be true, it could be a major blow to iOS security. Any kind of Apple device you have doesn’t know what’s going on in the SEP, which means no one else does, either, but that might change today. Because if the firmware code is exposed, SEP vulnerabilities will be hunted down and used maliciously.

Back to the iPhone 5S, with which came the Touch ID, a tiny coprocessor was put in the main S-series and now A-series processor chip. The coprocessor in question runs on its own entirely, with a separate OS, separate updates and all of its doing being hidden from the rest of the device.

One of the key points of the SEP is its generation of the device’s Unique ID (UID). That UID is moreover secured by tangling it up with an ephemeral key that is replaced every time the device is rebooted.

The reason for the existence of the SEP is to protect the UID, and that is why all Touch ID actions such as password verification and similar security processes happen in the SEP.

Now that the SEP’s firmware code is exposed to the rest of the world, due to the efforts of the hacker xerub, you can find the key here, and this GitHub repository contains what you need to decrypt it, and this one has the tools to process it.

xerub said that it worries him that Apple had the SEP hidden behind a key. He believes that SEP is an amazing tech but because it is a black box, its obscurity doesn’t add too much for security.

He also said that expert hackers won’t be stopped by black boxes, instead just slowed down a bit. In the long run, xerub believes that the public exposure will only add to the security of SEP. It will be just another arms race between hackers and tech companies that will ultimately lead to a safer user program.

The decryption of the SEP’s firmware is a big deal for both sides. xerub said that it could be possible, though very hard to watch the SEP do its work and reverse engineer its process, gain access to passwords and fingerprint data, and go even further toward rendering any security relying on the SEP completely ineffective.

As he said, the decryption of the firmware itself doesn’t mean that the user data gets decrypted at the same time, instead, it involves a lot of additional work. In short, xerub doesn’t think that his decryption will be going to have a massive impact.

An Apple spokesperson that will not be named stated that this doesn’t directly impact the customer data since they are a lot of layers of security in the SEP. The source added that it would be a leap to say that this decryption would make it possible to reach the customer data.

Apple does not plan to roll out a fix at this time.

18 COMMENTS

  1. Este problema surge geralmente em homens entre os 50 e os 80 anos de idade, principalmente devido a fatores como ansiedade, depressão ou perda de libido natural.

  2. You actually make it seem so easy with your presentation but I find this matter to be actually something which I think I would never
    understand. It seems too complicated and very broad for me.

    I’m looking forward for your next post, I will try to get the hang of it!

  3. Hello there I am so glad I found your web site, I
    really found you by accident, while I was searching on Aol for
    something else, Anyhow I am here now and would just like to say cheers for a tremendous
    post and a all round thrilling blog (I also
    love the theme/design), I don’t have time to go through it all at the moment
    but I have bookmarked it and also included your RSS feeds, so when I have time I will be back
    to read much more, Please do keep up the superb work.

  4. 110916 827017Hey there. I want to to ask a bit somethingis this a wordpress internet log as we are preparing to be transferring more than to WP. Additionally did you make this template all by yourself? Many thanks. 298508

  5. Hello! This is kind of off topic but I need some guidance from an established blog.
    Is it very hard to set up your own blog? I’m not
    very techincal but I can figure things out pretty quick.

    I’m thinking about creating my own but I’m not sure where to begin. Do you have any points or suggestions?

    Cheers

  6. This design is steller! You definitely know how to keep a reader entertained.
    Between your wit and your videos, I was almost moved to start my own blog (well, almost…HaHa!) Excellent job.
    I really enjoyed what you had to say, and more than that, how you presented it.
    Too cool!

  7. Thanks a lot for sharing this with all folks you really
    recognize what you’re speaking approximately! Bookmarked.
    Kindly additionally consult with my web site =). We
    may have a hyperlink change contract between us

  8. Hi there! I just wanted to ask if you ever have any problems with hackers?
    My last blog (wordpress) was hacked and I ended up losing many months of hard work due to no data backup.
    Do you have any solutions to protect against hackers?

  9. The other day, while I was at work, my cousin stole my iphone and tested
    to see if it can survive a 30 foot drop, just
    so she can be a youtube sensation. My apple ipad
    is now destroyed and she has 83 views. I know this is
    entirely off topic but I had to share it with someone!

  10. Thanks for finally talking about > Hacker Claims to Decrypt Apple’s SEP Firmware < Loved it!

  11. Actually no matter if someone doesn’t understand then its up to other
    people that they will help, so here it occurs.

  12. What’s Happening i am new to this, I stumbled upon this
    I’ve discovered It absolutely helpful and it has helped me out
    loads. I am hoping to contribute & help other users like its helped me.

    Good job.

  13. I have been exploring for a little for any high-quality articles or blog posts in this sort of house .
    Exploring in Yahoo I at last stumbled upon this web site.

    Studying this info So i’m glad to exhibit that I have an incredibly just right uncanny feeling I discovered exactly what I needed.
    I most without a doubt will make certain to don?t omit this web site and provides it a look regularly.

  14. 804049 74141Get started with wales ahead almost every planking. Ones wales truly are a compilation of huge planks one specific depth advisors certainly will be the identical towards the entire hull planking nevertheless with even bigger density to successfully thrust outward beyond the planking. planking 466463

LEAVE A REPLY

Please enter your comment!
Please enter your name here