iPhone: the Secure Enclave (Touch ID, Face ID) reveals a major flaw

The Secure Enclave of Apple devices is presented by the Californian manufacturer as an impregnable fortress. And it had better be as impregnable as advertised, since it is a real treasure for hackers. It actually contains all the user's personal data. On iPhone, for example, we find Face ID, Touch ID and passcode information, but also information related to the use of Apple Pay, among others.

The Secure Enclave is underpinned by a dedicated chip in Apple devices. It is present on iPhone (since the 5s model), on iPad (since the 5th generation iPad of 2017), and on Macs (those with a T1 or T2 chip).

Unfortunately for Apple, according to jailbreak specialists (iPhone hacking), the Secure Enclave on iPhone has a significant vulnerability. In addition, the authors of the discovery say that this flaw cannot be corrected in software.

The Team Pangu has found an “unpatchable” vulnerability on the Secure Enclave Processor (SEP) chip in iPhones. https://t.co/9oJYu3k8M4

— Jin Wook Kim (@wugeej) July 29, 2020

The flaw is said to be present only on iOS devices, not on Macs, and only on iPhone and iPad models equipped with the A7, A8, A9, A10 and A11 chips, i.e. from the iPhone 5s to the iPhone Newer iOS devices, such as the iPhone XS, the iPhone 11 and the iPhone SE 2020, are reportedly not affected. Apple is said to have corrected the situation with the newer versions of its Ax chips.

Should we be worried though?

For one, the researchers did not reveal how a hacker could take advantage of this flaw to extract confidential information from a target iOS device. Does the attacker need to have the iPhone or iPad in hand? Can private information be recovered from the enclave on a non-jailbroken iOS device, or even on a locked iOS device?

As long as nothing specifies how the vulnerability can be exploited, it is difficult to judge the seriousness of the situation. Still, the iPhone's Secure Enclave has already been hacked in the past during laboratory tests. But in a real-life situation, no such feat has reportedly been possible.

So, just as it is possible to fool Face ID with an extraordinarily well-crafted 3D mask that is perfectly faithful to the person's face, stealing data from the Secure Enclave will be extremely complex for a hacker.

So let's remain calm following this news and adopt good practices in the face of the risk of phone theft and hacking.

By: Keleops AG

Editor-in-chief for iPhon.fr. Pierre is like Indiana Jones, looking for the lost iOS trick. Also a long-time Mac user, Apple devices hold no secrets for him. Contact: pierre[a]iphon.fr.