A new exploit has allegedly been found in Apple’s Secure Enclave chip, putting the data of iPhone and iPad users at risk.
Apple’s Secure Enclave encrypts and holds sensitive data such as passwords and biometric logins for Touch ID and Face ID. For security, the system is designed so that data remains on the device and is never synced with iCloud or other network services.
Now, however, a group of Chinese hackers from Pangu Team claim they have found a security flaw in the hardware for the Secure Enclave in all Apple chips from A7 to A11 Bionic, reports 9to5Mac. This means millions of devices are affected: from the iPhone 5s to the iPhone X, and from the iPad mini 2 to the 10.2-inch 2019 iPad.
The Team Pangu has found an “unpatchable” vulnerability on the Secure Enclave Processor (SEP) chip in iPhones. https://t.co/9oJYu3k8M4
— Jin Wook Kim (@wugeej) July 29, 2020
Additionally, an unpatchable exploit means that the vulnerability was discovered in the hardware, not in the software, meaning there’s likely nothing Apple can do to fix it on already-shipped devices.
According to 9to5Mac, there aren’t many details yet on what this specific exploit gives bad actors:
We still don’t have further details on what exactly hackers can do with this specific vulnerability, but having full access to the Security Enclave could also mean having access to passwords, credit cards, and much more. The only thing we know so far is that this vulnerability in Secure Enclave affects all Apple chips between the A7 and A11 Bionic, similar to the checkm8 exploit that allows jailbreak for almost all iOS devices up to iPhone X.
According to Apple Insider, security researcher @axi0mX noted that the issue can’t be exploited in browser- or app-based jailbreaks. Apple’s various hardware and software mitigations further limit the potential ways in which an attack could be made. Due to Apple’s security limitations, a successful hack would require physical access to the device as well as a connection to a host system, ruling out any potential remote abuse.
Security implications of this SEPROM vulnerability are not as bad as you might think:
(1) Browser-based (nation states) or app-based (community) jailbreaks cannot use it, because the value in TZ0 register is locked and cannot be changed after boot.
— ax🔥🌸mX (@axi0mX) July 25, 2020
For end users, the Secure Enclave vulnerability may seem scary, but it is highly unlikely to affect the average iPhone user.