Decryption key for Apple iOS Secure Enclave Processor firmware revealed

A hacker that goes by the handle “xerub” has apparently figured out the decryption key for Apple’s Secure Enclave Processor (SEP) firmware, and made it available online:

What is the Secure Enclave?

To quote Apple:

The Secure Enclave is a coprocessor fabricated in the Apple S2, Apple A7, and later A-series processors. It uses encrypted memory and includes a hardware random number generator. The Secure Enclave provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised.

When the device starts up, an ephemeral key is created, entangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space. Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key entangled with the UID and an anti-replay counter.

The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but can’t read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.

What does this release mean for users?

Apple has yet to confirm whether the published key is legitimate, but even if it is, its release does not endanger user data or reduce the security of the Secure Enclave.

Its publication simply means that security researchers and hackers (malicious or not) will now be able to inspect and probe the SEP firmware for vulnerabilities.

So far, Apple has offered little information about the Secure Enclave – the company is well-known for rarely sharing details about its products security features – but last year, at Black Hat, a group of researchers offered some insight into it, including potential attack routes.

Secure Enclave security

Xerub did not say how he unearthed the key, but just pointed to the tools that can be used to decrypt the firmware and process it (img4lib and sepsplit.c, respectively).

An interesting sidenote

A user that is testing iOS 11, which is still in beta, has pointed out a new security/privacy feature that makes it easier for users to call emergency services, but also to quickly temporarily disable Touch ID (i.e. force passphrase entry).

The feature is triggered by pressing the device’s power button five times in succession. The move pops up a screen that offers the option to call emergency services, power off the device, or cancel the screen. Pressing the “Cancel” button will force the user to enter the passphrase in order to enable Touch ID again.

It’s definitely a more discreet and quick way to disable Touch ID if one’s faced with a request from law enforcement to unlock the device with one’s fingerprint. Of course, it is of no big help if one can be forced – legally or otherwise – to enter the correct passphrase.