“Unfixable” iOS hardware vulnerabilities discovered by the domestic jailbreak team Pangu

At the recently held MOSEC 2020 conference, the well-known domestic iOS jailbreak team Pangu once again made big news. Not only did it demonstrate a perfect jailbreak of iOS 14, but team member Jin Wook Kim said on Twitter that the team was able to achieve the jailbreak because it had discovered a “permanent” and “unrepairable” vulnerability in Apple’s Secure Enclave chip, which may allow the encryption of the private security key to be cracked. This means that the vulnerability exists in the hardware, and Apple cannot fix it through a software update. Depending on where the hardware is used, the vulnerability may put iPhone, iPad, Mac, Apple Watch and other Apple devices at risk.

What is the Secure Enclave security coprocessor?

Simply put, the Secure Enclave security coprocessor is almost standard hardware in Apple mobile phones. It provides additional security protection for Apple devices by encrypting each device’s data with a random key that only the Secure Enclave can access. These keys are unique to your device, and they are never synchronized with iCloud. Note that it is a piece of hardware, which means that Apple cannot patch the flaw through a system upgrade, so this flaw is almost irreparable.

Note that although the Secure Enclave chip is built into the device, it operates completely separately from the rest of the system. This ensures that applications cannot access the user’s private key: they can only send requests to the Secure Enclave to decrypt specific data, such as your fingerprint, in order to unlock the application. Even if the user’s device has been jailbroken and the system’s internal files are fully accessible, everything managed by the Secure Enclave remains protected.

In addition to encrypting files on Apple devices, the Secure Enclave is also responsible for storing the keys that manage sensitive data, such as passwords, credit cards used by Apple Pay, and even the user’s biometrics that enable Touch ID and Face ID. This vulnerability can be used to make it easier for hackers to access users’ personal data. The current vulnerability in the Secure Enclave reportedly affects all Apple chips between A7 and A11 Bionic. At the same time, the vulnerability may also allow almost all iOS devices to be jailbroken at will.

Which Apple devices currently use Secure Enclave chips?

At present, the Pangu team has not disclosed more details about the Secure Enclave vulnerability discovered this time, but according to analysts, if the vulnerability can be used to gain full access to the Secure Enclave, hackers could obtain device passwords, credit card details and other information. From the information disclosed by the Pangu team, the only thing we know is that this Secure Enclave vulnerability affects all Apple products with processors between A7 and A11 Bionic. Although Apple has fixed this security vulnerability in the A12 and A13 Bionic chips, there are still millions of Apple devices running A11 Bionic or older chips that may be affected by it.

This is not the first vulnerability found in the Secure Enclave

This is not the first time a hacker has discovered a vulnerability in the Secure Enclave. In 2017, hackers were able to decrypt the Secure Enclave firmware to explore how the component works, but they could not access the private key, so there was no risk to users. Having full access to the Secure Enclave, however, may also mean that hackers can access the user’s password, credit card information, and so on. The only thing I know is that this vulnerability in the Secure Enclave affects all Apple chips between A7 and A11 Bionic, similar to the checkm8 vulnerability, which enables almost all iOS devices (including iPhone X) to be jailbroken.
