Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday August 02 2020, @06:59PM   Printer-friendly
from the secure-enclave-isn't dept.

New 'unpatchable' exploit allegedly found on Apple's Secure Enclave chip, here's what it could mean - 9to5Mac:

The Secure Enclave is a security coprocessor included with almost every Apple device to provide an extra layer of security. All data stored on iPhone, iPad, Mac, Apple Watch, and other Apple devices is encrypted with random private keys, which are only accessible by the Secure Enclave. These keys are unique to your device and they're never synchronized with iCloud.

[...] It's important to note that although the Secure Enclave chip is built into the device, it works completely separately from the rest of the system. This ensures that apps won't have access to your private keys, since they can only send requests to decrypt specific data such as your fingerprint to unlock an app through the Secure Enclave.

[...] Now, Chinese hackers from the Pangu Team have reportedly found an "unpatchable" exploit on Apple's Secure Enclave chip that could lead to breaking the encryption of private security keys.

[...] The only thing we know so far is that this vulnerability in Secure Enclave affects all Apple chips between the A7 and A11 Bionic [...] Apple has already fixed this security breach with the A12 and A13 Bionic chips


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 5, Insightful) by aiwarrior on Sunday August 02 2020, @07:26PM (14 children)

    by aiwarrior (1812) on Sunday August 02 2020, @07:26PM (#1030396) Journal

    I am surprised this exploit was published. This seems like a very high value exploit for a nation state and would give an edge on APTs. All i have to say is thank you.
    On another note I am getting a bit worried with the unpatchable nature of these systems.

    • (Score: 4, Insightful) by Runaway1956 on Sunday August 02 2020, @07:52PM (11 children)

      by Runaway1956 (2926) Subscriber Badge on Sunday August 02 2020, @07:52PM (#1030402) Journal

      The funny bit about all these unpatchable exploits is, they are almost exclusively located in the hardware meant to secure the device. Few of these are found in the CPU. Microcode updates are capable of fixing most problems found with the CPU. It's all the bolt-on bullshit that is unfixable.

      • (Score: 3, Insightful) by fustakrakich on Sunday August 02 2020, @08:49PM (8 children)

        by fustakrakich (6150) on Sunday August 02 2020, @08:49PM (#1030421) Journal

        You're supposed to put the chip in a socket so it can be replaced. Upgradable = Vulnerable

        Read only is still the most secure. The OS should always be on ROM, but not soldered in

        --
        La politica e i criminali sono la stessa cosa..
        • (Score: 2) by c0lo on Sunday August 02 2020, @10:56PM (6 children)

          by c0lo (156) Subscriber Badge on Sunday August 02 2020, @10:56PM (#1030477) Journal

          You're supposed to put the chip in a socket so it can be replaced.

          If only the Apple fans would accept a 1mm thicker iPhone (grin)

          Seriously speaking, if the "security enclave" would be socket-replaceable, how would it still be... you know... secure? 'Cause I imagine it's pretty easy for a an attacker to replace it in the space of minutes without any more special tool than a(n Apple™) screwdriver.

          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
          • (Score: 0) by Anonymous Coward on Sunday August 02 2020, @11:57PM (2 children)

            by Anonymous Coward on Sunday August 02 2020, @11:57PM (#1030488)

            What 'shithole countries' are you travelling through that would bug your phone?

            In Peter Dutton we trust.

            • (Score: 4, Funny) by Anonymous Coward on Monday August 03 2020, @12:15AM (1 child)

              by Anonymous Coward on Monday August 03 2020, @12:15AM (#1030494)

              What 'shithole countries' are you travelling through that would bug your phone?

              No, I don't have plans to travel to US.
              But I learned there are some third of a billion already there.

              • (Score: 0) by Anonymous Coward on Monday August 03 2020, @02:45AM

                by Anonymous Coward on Monday August 03 2020, @02:45AM (#1030554)

                What 'shithole counties' are you travelling through that would bug your phone?

                Yakima county, for one. Surveillance devices up & out the wazoo. Watch your wazoo when passing through.

          • (Score: 4, Informative) by jasassin on Monday August 03 2020, @01:12AM

            by jasassin (3566) <jasassin@gmail.com> on Monday August 03 2020, @01:12AM (#1030518) Homepage Journal

            Seriously speaking, if the "security enclave" would be socket-replaceable, how would it still be... you know... secure?

            If they replaced the chip it would have different secret keys (the secret keys are supposedly inaccessible) it couldn't decrypt your data (unlock the phone). If the chip was replaced before you purchased the phone the point is moot, because the attacker would have plenty of time to solder on a new chip.

            --
            jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
          • (Score: 3, Insightful) by fustakrakich on Monday August 03 2020, @01:16AM (1 child)

            by fustakrakich (6150) on Monday August 03 2020, @01:16AM (#1030520) Journal

            how would it still be... you know... secure?

            Not secure... just more so than an uninvited OTA upgrade.

            The "security" is for the phone, not the user. It's just supposed to be a serial number for tracking the device, and maybe turning on the camera and mic remotely, and reading the contacts, and emails, and messages...

            --
            La politica e i criminali sono la stessa cosa..
            • (Score: 2) by c0lo on Monday August 03 2020, @02:02AM

              by c0lo (156) Subscriber Badge on Monday August 03 2020, @02:02AM (#1030532) Journal

              Not secure... just more so than an uninvited OTA upgrade.

              Given that you can't change the chip as it is now with an OTA (even if you can exploit it), I have this feeling that it doesn't make any difference if the chip is soldered or plugged-in a socket.

              Regarding...

              You're supposed to put the chip in a socket so it can be replaced.

              ... assuming security is important for me, I still prefer a chip that is soldered (and then encapsulated in hard epoxy resin) for security. If it turns out that the chip is unsecure, I'll just exchange the phone entirely (and blend the older one to pieces [youtu.be]).
              Replacing the chip is kinda ReadWrite, only with hardware.

              --
              https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
        • (Score: 2) by kazzie on Monday August 03 2020, @06:38AM

          by kazzie (5309) Subscriber Badge on Monday August 03 2020, @06:38AM (#1030613)

          The OS should always be on ROM, but not soldered in.

          Hear, hear.

            Now let me go switch on my Acorn Archimedes... :)

      • (Score: 2) by driverless on Monday August 03 2020, @01:39AM

        by driverless (4770) on Monday August 03 2020, @01:39AM (#1030524)

        The funny bit about all these unpatchable exploits is, they are almost exclusively located in the hardware meant to secure the device.

        We've (industry security group) ran into that problem as well when doing analyses of secure firmware update. Why do we need to keep updating the firmware? The vast majority of the time it's to patch holes in the crypto/security code that manages the secure firmware update. We were vastly more secure when firmware update was handled by someone moving a jumper and reflashing via USB, but apparently remote update is what all the cool kids are doing nowadays.

      • (Score: 1, Insightful) by Anonymous Coward on Monday August 03 2020, @03:13PM

        by Anonymous Coward on Monday August 03 2020, @03:13PM (#1030749)

        That's expected.

        If something can be patched, it can be altered. If something can be altered, it can be undermined via malicious code.

        I would expect there to be higher number of unpatchable bugs in security code than elsewhere. It's just like how there are more un-prosecuted corruption in the government than elsewhere. (Corruption outside the government will be prosecuted by the government. Who will prosecute government-internal corruption, though?)

    • (Score: 3, Insightful) by Anonymous Coward on Sunday August 02 2020, @08:59PM (1 child)

      by Anonymous Coward on Sunday August 02 2020, @08:59PM (#1030428)

      I'm going to go with NSA already knew about the exploit. When the Chinese caught up (or paid for) the exploit, the NSA trashed its value by releasing it. That's what I would do if I were an evil mastermind.

      • (Score: 3, Insightful) by driverless on Monday August 03 2020, @01:42AM

        by driverless (4770) on Monday August 03 2020, @01:42AM (#1030526)

        Or vice versa, the Chinese trashed the NSA's value by releasing.

  • (Score: 1, Funny) by Anonymous Coward on Sunday August 02 2020, @08:11PM (6 children)

    by Anonymous Coward on Sunday August 02 2020, @08:11PM (#1030403)

    The exploit is fixed on A12 and A13, and no self-respecting Apple fanboi would carry a device that's more than 2 years old, so the problem will go away pretty soon.

    • (Score: 1, Funny) by Anonymous Coward on Sunday August 02 2020, @08:16PM

      by Anonymous Coward on Sunday August 02 2020, @08:16PM (#1030406)

      Could someone make sure Jennifer Lawrence gets a new phone with A11 chip please.

    • (Score: 2) by looorg on Sunday August 02 2020, @08:49PM (3 children)

      by looorg (578) on Sunday August 02 2020, @08:49PM (#1030422)

      Probably not, while the fanbois might not be caught dead with anything but the latest those are probably not the majority segment of the market where phones, and other devices, are around for a lot longer then two years. If this cant, or wont, be fixed it will probably be good for at least a few more years -- perhaps even in the 5-10 year range.

      The A7 was discontinued in 2017, the A9 in 2018 but there are loads of them still around. A8, A10 (current ipads) and A11 (iphone x) are not even discontinued as of yet.

      • (Score: -1, Troll) by Anonymous Coward on Sunday August 02 2020, @09:24PM (2 children)

        by Anonymous Coward on Sunday August 02 2020, @09:24PM (#1030441)

        Who cares what happens to Apple fashionistas... if they want security, they should be on Android.

        • (Score: 1, Insightful) by Anonymous Coward on Sunday August 02 2020, @09:39PM (1 child)

          by Anonymous Coward on Sunday August 02 2020, @09:39PM (#1030450)

          you're fucking kidding, right ?

          • (Score: 1, Interesting) by Anonymous Coward on Sunday August 02 2020, @10:18PM

            by Anonymous Coward on Sunday August 02 2020, @10:18PM (#1030463)

            A pox on both their houses.

            Secure enclave bullshit is only DRM theatre mandated by film studios to get their cut of 4K streaming revenue and serves no actual benefit to the owner of a device.

    • (Score: 2) by bart9h on Sunday August 02 2020, @09:02PM

      by bart9h (767) on Sunday August 02 2020, @09:02PM (#1030430)

      that may be true, but not all Apple users are fanbois.

      there are a lot of old macs and ithings still in use.

  • (Score: 3, Informative) by Anonymous Coward on Sunday August 02 2020, @08:26PM (2 children)

    by Anonymous Coward on Sunday August 02 2020, @08:26PM (#1030411)

    Accelerometer: Bosch in Germany. Invensense in the United States.
    Audio Chipsets and Codec: Cirrus Logic in the United States (outsourced for manufacturing).
    Baseband processor: Qualcomm in the United States (outsourced for manufacturing).
    Batteries: Samsung in South Korea. Huizhou Desay Battery in China.
    Cameras: Sony in Japan. OmniVision in the United States produces the front-facing FaceTime camera chip but subcontracts TMSC (in Taiwan) for manufacturing.
    Chipsets and Processors: Samsung in South Korea and TSMC in Taiwan. Alongside their partner GlobalFoundries in the United States.
    Controller Chips: PMC Sierra and Broadcom Corp in the United States (outsourced for manufacturing).
    Display: Japan Display and Sharp in Japan. LG Display in South Korea.
    DRAM: TSMC in Taiwan. SK Hynix in South Korea.
    eCompass: Alps Electric in Japan.
    Fingerprint sensor authentication: Authentec makes it in China but outsources it to Taiwan for manufacturing.
    Flash memory: Toshiba in Japan and Samsung in South Korea.
    Gyroscope: STMicroelectronics in France and Italy.
    Inductor coils (audio): TDK in Japan.
    Main Chassis Assembly: Foxconn and Pegatron in China.
    Mixed-signal chips (such as NFC): NXP in Netherlands.
    Plastic Constructions (for the iPhone 5c): Hi-P and Green Point in Singapore.
    Radio Frequency Modules: Win Semiconductors (module manufacturers Avago and RF Micro Devices) in Taiwan. Avago technologies and TriQuint Semiconductor in the United States. Qualcomm in the United States for LTE connectivity.
    Screen and Glass (for the display): Corning (Gorilla Glass) in the United States. GT Advanced Technologies produces the sapphire crystals in the screens.
    Semiconductors: Texas Instruments, Fairchild and Maxim Integrated in the United States.
    Touch ID sensor: TSMC and Xintec in Taiwan.
    Touchscreen Controller: Broadcom in the United States (outsourced for manufacturing).
    Transmitter and Amplification Modules: Skyworks and Qorvo in the United States (outsourced for manufacturing).

    • (Score: 3, Touché) by corey on Sunday August 02 2020, @10:36PM (1 child)

      by corey (2202) on Sunday August 02 2020, @10:36PM (#1030471)

      Overall assembly: China.

      But hardware design and software: US (which are together by far the most valuable per unit)

      • (Score: 0) by Anonymous Coward on Monday August 03 2020, @12:15AM

        by Anonymous Coward on Monday August 03 2020, @12:15AM (#1030495)

        Even a battery can contain a hidden chip, some do for charging.

  • (Score: 5, Interesting) by Mojibake Tengu on Sunday August 02 2020, @08:42PM (5 children)

    by Mojibake Tengu (8598) on Sunday August 02 2020, @08:42PM (#1030419) Journal

    There is a possible strategy for plausibly hiding planned obsolescence for secured devices:

    1. Put a backdoor in a private construction. Fence it by legal means to prevent accidental discovery.
    2. Keep quiet for a device market lifetime. Market lifetime not necessarily the same length as technological lifetime.
    3. Do not put ("fix") the particular backdoor in next generation of product.
    4. When time has come for marketing a new generation, release the information about old backdoor to public. Preferably by allied channel outlets.
    5. Observe masses of customers dropping old device ahead of its time and buying a new one.

    Intel executed this strategy wrongly. Apple executes it much more effectively.

    --
    Respect Authorities. Know your social status. Woke responsibly.
    • (Score: 4, Interesting) by Bot on Sunday August 02 2020, @10:28PM

      by Bot (3902) on Sunday August 02 2020, @10:28PM (#1030467) Journal

      And this happens barely 3 months after Italy slapped Apple's wrist (10 million euro) confirming the accusation of planned obsolescence tactics.

      --
      Account abandoned.
    • (Score: 4, Insightful) by Mykl on Sunday August 02 2020, @10:35PM (1 child)

      by Mykl (1112) on Sunday August 02 2020, @10:35PM (#1030470)

      6. Have your users wonder whether they should risk buying from you again given the severity of the exploit.

      I still don't buy Sony products [wikipedia.org]. Anyone trying this strategy would want to be supremely confident that their demand will remain inelastic.

      • (Score: 2) by coolgopher on Monday August 03 2020, @02:11AM

        by coolgopher (1157) on Monday August 03 2020, @02:11AM (#1030537)

        Yeah I too stay as far away from both Sony and Intel as I can these days. If Sony hadn't screwed up so royally on multiple occasions I might've been quite fond of their stuff.

    • (Score: 2) by corey on Sunday August 02 2020, @10:40PM (1 child)

      by corey (2202) on Sunday August 02 2020, @10:40PM (#1030472)

      Though plausible, I think your idea is more conspiracy.

      Apple's been working hard to maintain its products' reputation as a secure platform, this damages that even though it's "old" hardware. You may also ask "if the old secure enclaves have this issue, there may be a similar issue in the new ones, we just don't know about it yet."

  • (Score: -1, Troll) by Anonymous Coward on Sunday August 02 2020, @09:57PM

    by Anonymous Coward on Sunday August 02 2020, @09:57PM (#1030453)

    ... your crapple!

  • (Score: 2) by jmichaelhudsondotnet on Monday August 03 2020, @03:50PM

    by jmichaelhudsondotnet (8122) on Monday August 03 2020, @03:50PM (#1030763) Journal

    I dont have to read this because I decided Apple was incapable of security a while back, so who cares.

    All those people who got the sysadmin jobs where they have to support phones lol.

    All the military personell using iphones on base, lol. (check all the military tv shows where they are practically in ghillie suits phoning the pentagon on their iphone roflmao)

    Here is a hint:

    The chinese might just release the bug to piss israelis off at this point.

    https://archive.is/UUt9W [archive.is] phone fetish
    https://archive.is/7YNX0 [archive.is] skeptical kid iphone

    People(loosely defined) telling me I am crazy: 1000000
    People even trying to say I am wrong: 0
    People willing to fund independent writers who have consistently been right on this issue, and whose lives have been made hell for it: 0
    Mastadon servers that have locked my account without explanation, so far, fitting the profile of servers not run by shills themselves: 2
    Intelligent conversations I have had with people I believe are not shills about the actual issues the entire time I have been at SN: maybe 3
    mass media channels not owned by the same people behind these exploits: 0

    clownworld, ftw

(1)