The decryption key was published online by the hacker

Aug 18, 2017 12:03 GMT

Several reports suggest that a hacker who goes by the name of "xerub" claims to have decrypted Apple's Secure Enclave Processor (SEP) firmware and published the decryption key on Thursday.

Apple's SEP is a component found in the A7 chipset that powers the iPhone 5s, iPad Air, iPad mini 2, and iPad mini 3 devices, as well as in every A-series processor that Apple has released since then.

It's also capable of handling Touch ID transactions, cryptographic operations in Apple Watch Series 2 smartwatches, password verifications, and other security-related processes. The SEP firmware is encrypted by design and the processor is totally isolated, which is meant to ensure it can't be compromised.

"The processor forwards the data to the Secure Enclave but can’t read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave," says Apple.

The decryption key won't allow hackers to access stored data

The hacker announced on his Twitter account that he managed to decrypt Apple's Secure Enclave Processor (SEP) firmware using the img4lib library, which can deal with img4 files, along with a SEP firmware split tool designed to process the decrypted files.

Both tools were created by the hacker and are publicly available on GitHub for security researchers who want to decrypt the Apple SEP firmware and try to find vulnerabilities in it. However, these tools won't allow them to access the data stored in the SEP.

Below you can see the security architecture diagram of Apple's iOS mobile operating system so you can understand how its security system actually works. The hacker said that the decryption key is "fully grown" and you can download the required tools from the links below.

Regular users like you and me shouldn't worry about the security of iOS or of their devices, as Apple designs one of the strongest mobile operating systems ever created and patches vulnerabilities discovered by security researchers all the time, so make sure you always run the latest version.

Security architecture diagram of iOS