SoylentNews is people
SoylentNews
The Secure Enclave is a security coprocessor included with almost every Apple device to provide an extra layer of security. All data stored on iPhone, iPad, Mac, Apple Watch, and other Apple devices is encrypted with random private keys, which are only accessible by the Secure Enclave. These keys are unique to your device and they're never synchronized with iCloud.
[...] It's important to note that although the Secure Enclave chip is built into the device, it works completely separately from the rest of the system. This ensures that apps won't have access to your private keys, since they can only send requests to decrypt specific data such as your fingerprint to unlock an app through the Secure Enclave.
[...] Now, Chinese hackers from the Pangu Team have reportedly found an "unpatchable" exploit on Apple's Secure Enclave chip that could lead to breaking the encryption of private security keys.
[...] The only thing we know so far is that this vulnerability in Secure Enclave affects all Apple chips between the A7 and A11 Bionic [...] Apple has already fixed this security breach with the A12 and A13 Bionic chips
(Score: 2) by c0lo on Sunday August 02 2020, @10:56PM (6 children)
If only the Apple fans would accept a 1mm thicker iPhone (grin)
Seriously speaking, if the "security enclave" would be socket-replaceable, how would it still be... you know... secure? 'Cause I imagine it's pretty easy for a an attacker to replace it in the space of minutes without any more special tool than a(n Apple™) screwdriver.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Sunday August 02 2020, @11:57PM (2 children)
What 'shithole countries' are you travelling through that would bug your phone?
In Peter Dutton we trust.
(Score: 4, Funny) by Anonymous Coward on Monday August 03 2020, @12:15AM (1 child)
No, I don't have plans to travel to US.
But I learned there are some third of a billion already there.
(Score: 0) by Anonymous Coward on Monday August 03 2020, @02:45AM
Yakima county, for one. Surveillance devices up & out the wazoo. Watch your wazoo when passing through.
(Score: 4, Informative) by jasassin on Monday August 03 2020, @01:12AM
If they replaced the chip it would have different secret keys (the secret keys are supposedly inaccessible) it couldn't decrypt your data (unlock the phone). If the chip was replaced before you purchased the phone the point is moot, because the attacker would have plenty of time to solder on a new chip.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 3, Insightful) by fustakrakich on Monday August 03 2020, @01:16AM (1 child)
Not secure... just more so than an uninvited OTA upgrade.
The "security" is for the phone, not the user. It's just supposed to be a serial number for tracking the device, and maybe turning on the camera and mic remotely, and reading the contacts, and emails, and messages...
La politica e i criminali sono la stessa cosa..
(Score: 2) by c0lo on Monday August 03 2020, @02:02AM
Given that you can't change the chip as it is now with an OTA (even if you can exploit it), I have this feeling that it doesn't make any difference if the chip is soldered or plugged-in a socket.
Regarding...
... assuming security is important for me, I still prefer a chip that is soldered (and then encapsulated in hard epoxy resin) for security. If it turns out that the chip is unsecure, I'll just exchange the phone entirely (and blend the older one to pieces [youtu.be]).
Replacing the chip is kinda ReadWrite, only with hardware.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford