SoylentNews is people

posted by martyb on Friday August 18 2017, @07:52PM
from the back-to-the-drawing-board dept.

The security coprocessor was introduced alongside the iPhone 5s and Touch ID. It performs secure services for the rest of the SOC and prevents the main processor from getting direct access to sensitive data. It runs its own operating system (SEPOS) which includes a kernel, drivers, services, and applications.

The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but can't read it. It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.

Today, xerub announced the decryption key 'is fully grown'. You can use img4lib to decrypt the firmware and xerub's SEP firmware split tool to process.

Decryption of the SEP Firmware will make it easier for hackers and security researchers to comb through the SEP for vulnerabilities.

Source: iClarified

Also at ThreatPost which notes that this does not mean it is open season on SEP:

Yesterday’s news set off another flurry of angst as to the ongoing security of iOS and what would happen now that the firmware had been unlocked.

“I wouldn’t say there is any immediate threat to users at this point,” Azimuth Security’s Mandt said. “Although the key disclosure allows anyone to analyze the software that is running on the SEP processor, it still requires an attacker to find and exploit a vulnerability in order to compromise SEP.”
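
The Touch ID session setup quoted earlier in the story (random keys wrapped under the provisioned shared key, then AES-CCM transport), sketched as an added example that is not code from iClarified, Apple or the submission. How the two random keys are combined (HMAC-SHA256 here), the 128-bit key sizes and every function name are assumptions; the page does not give them.

```javascript
const crypto = require('crypto');

const KW_IV = Buffer.alloc(8, 0xa6); // RFC 3394 default initial value

// AES key wrap / unwrap under the provisioned shared key (16 bytes here).
function wrap(sharedKey, key) {
  const c = crypto.createCipheriv('aes128-wrap', sharedKey, KW_IV);
  return Buffer.concat([c.update(key), c.final()]);
}
function unwrap(sharedKey, wrapped) { // throws if the integrity check fails
  const d = crypto.createDecipheriv('aes128-wrap', sharedKey, KW_IV);
  return Buffer.concat([d.update(wrapped), d.final()]);
}

// Assumption: session key = first 16 bytes of HMAC-SHA256 over both random keys.
function deriveSession(sharedKey, sensorRand, enclaveRand) {
  return crypto.createHmac('sha256', sharedKey)
    .update(Buffer.concat([sensorRand, enclaveRand])).digest().subarray(0, 16);
}

// AES-CCM transport: ciphertext plus a 16-byte authentication tag.
function seal(sessionKey, nonce, plaintext) {
  const c = crypto.createCipheriv('aes-128-ccm', sessionKey, nonce, { authTagLength: 16 });
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { nonce, ct, tag: c.getAuthTag() };
}
function open(sessionKey, { nonce, ct, tag }) {
  try {
    const d = crypto.createDecipheriv('aes-128-ccm', sessionKey, nonce, { authTagLength: 16 });
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]);
  } catch { return null; } // wrong key or modified frame
}

// Constructed run: sensor and enclave hold the shared key, the relaying processor does not.
function demo() {
  const shared = crypto.randomBytes(16);
  const sensorRand = crypto.randomBytes(16), enclaveRand = crypto.randomBytes(16);
  const toEnclave = wrap(shared, sensorRand), toSensor = wrap(shared, enclaveRand);
  const kSensor = deriveSession(shared, sensorRand, unwrap(shared, toSensor));
  const kEnclave = deriveSession(shared, unwrap(shared, toEnclave), enclaveRand);
  const frame = seal(kSensor, crypto.randomBytes(12), Buffer.from('constructed fingerprint frame'));
  const tampered = { ...frame, ct: Buffer.from(frame.ct) };
  tampered.ct[0] ^= 1; // one bit flipped while being forwarded
  return {
    enclaveReads: open(kEnclave, frame)?.toString(),
    relayReads: open(crypto.randomBytes(16), frame), // relay has no session key
    tamperedReads: open(kEnclave, tampered),
  };
}
```

The confidentiality here rests on the shared and session keys, not on the firmware image being unreadable, which matches the ThreatPost point quoted above.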


  • (Score: 3, Interesting) by jmorris on Saturday August 19 2017, @04:03AM (2 children)

    Assuming there are no exploitable bugs in the wire protocol identified by examining the binaries this may or may not be a big problem. Good crypto can be fully open source and it isn't compromised, in fact the many eyes generally make it better long term. Of course since Apple developed it in secret in a typical corporate environment it is probably a roach motel.

    The bigger question is whether this key was the only protection against flashing new firmware into the SEP? If so it is going to be game over.

  • (Score: 2) by kaszz on Saturday August 19 2017, @08:29AM (1 child)

    Personally, I'm quite curious if the firmware contains any mandated backdoor. Or any such facility at all.

    Oh and if the SEP can be reprogrammed with a key then iPhones can be installed with whatever OS anybody wants.. *thumbs up*

    • (Score: 0) by Anonymous Coward on Saturday August 19 2017, @01:18PM

      *thumbs up*

      Cue ennui related to the fact that there's nothing worth installing.