Patch unrecoverable vulnerability found in'Secure Enclave' chip responsible for security of Apple terminals


Patch unrecoverable vulnerability found in'Secure Enclave' chip responsible for security of Apple terminals

Apple Security ProcessorSecure EnclaveIs responsible for encrypting and protecting sensitive data on devices such as iPhones, iPads and Macs. It has been revealed that this Secure Enclave contains a vulnerability that prevents patch repair.

New ‘unpatchable’ exploit allegedly found on Apple’s Secure Enclave chip, here’s what it could mean-9to5Mac

The "Secure Enclave" security processor is built into almost every Apple device. The data in the terminal such as iPhone, iPad, Mac, Apple Watch is encrypted with a random private key, and Secure Enclave is used to access this data. The private key used to encrypt the data on the Apple device is unique to each device and will not be synchronized with iCloud.

The role of the Secure Enclave is not only to encrypt files, but also to store passwords, credit cards used in Apple Pay, keys to enable biometrics such as Touch ID and Face ID. As a result, it is difficult for hackers to access personal data on Apple devices without a password.

The Secure Enclave is built into the device, but designed to operate completely independently of the rest of the system. For example, if an app uses biometrics to unlock, the app sends a request to decrypt data related to biometrics to the Secure Enclave, and to actually decrypt the data. You are not accessing your private key.

It also has full access to the system's internal filesJailbreakEven the (jailbroken) iPhone etc. cannot access the data managed by the Secure Enclave.

Apple terminals equipped with the Secure Enclave are as follows.

・All iPhones after iPhone 5s
・All iPads after the iPad (5th generation)
・All iPad Air after iPad Air (1st generation)
・All iPad minis after iPad mini 2
・All iPad Pro
T1OrT2 chipAll Macs with
・All Apple TVs after Apple TV (4th generation)
・All Apple Watch after Apple Watch Series 1

A new "patchable vulnerability" was discovered in the Secure Enclave. This is not the first time a Secure Enclave vulnerability has been revealed, and in 2017 the hacker group decrypted the Secure Enclave firmware to analyze the behavior of the components. However, the vulnerability did not allow access to the Apple device's private key, which did not pose a potential risk to the user.

On the other hand, the vulnerability discovered this time is a hardware defect that cannot be repaired with a patch, so it affects all existing Secure Enclave-equipped terminals, and encryption performed by Apple terminals There is a possibility that it will break the conversion. The vulnerability was discovered by a group of Chinese hackers.

The details of what can be done using this vulnerability are not clear at the time of writing the article, but if you get full access to the Secure Enclave, it is a password. It means that you get full access to your credit card information.

Since the vulnerability discovered this time is a hardware defect, it is necessary for an attacker to directly access the attack target terminal in order to use it, and it is unlikely that the terminal will be hacked by a remote attack. Please note that Apple-related media 9to5Mac notes.

Copy the title and URL of this article

Source link

Do you like this article??

Show More

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button