enclave processor

Up until Super Bowl XLII, David Tyree was a backup receiver and a special teams Pro Bowler at best. However, his relatively quiet career would be defined by a single moment on February 3rd, 2008. The New York Giants were down 14-10 against the New England Patriots. The Patriots, who had a combined regular season and playoff record of 18-0 up to this point, were the heavy favorites. Giants quarterback Eli Manning had less than three minutes to march 83 yards down the field. On third-and-five with 1:15 remaining, Manning overthrew a 32 yard pass that at best would bring up fourth down and at worst would end the Giants Super Bowl journey. But David Tyree, having already scored one touchdown, leapt up and brought in the errant pass–with his head. With a new set of downs Manning took his team across the opposing goal line for a touchdown, as the Giants went on to secure a Super Bowl victory. Tyree became an instant hero. He did the impossible and, single-’headedly’ defeated the New England behemoth. In the business world, tech behemoth Apple recently faced a potential upset. A hacker publicly posted the decryption key to Apple’s Secure Enclave Processor, issuing a challenge to the tech giant and raising the question, “Can anyone crack Apple’s security fortress?”

Apple’s Potential Security Nightmare

Apple’s Secure Enclave Processor (SEP) is responsible for managing the cryptographic operations for a large swath of Apple products, including the Apple Watch (Series 2), iPhone 5s, iPad Air,  and iPad Mini (2 and 3). It handles password verifications, Touch ID interactions, and other vital security processes. The uniqueness of the SEP is that it operates completely independent of the main operating system, allowing for an added level of security and cyber safety. If the main OS were corrupted in any way, the SEP would theoretically be impervious to the damages and keep important security information encrypted and protected. It has a feature that generates a unique ID for each device that serves certain identification purposes. The ID regenerates each time a reboot occurs and is stored independently from the rest of the system. As one report puts it, “the enclave’s isolation serves to obfuscate it from the rest of the system, preventing hackers from rifling through its code to make it as secure as possible.”

Unfortunately for Apple, the hacker xerub posted the decryption key on GitHub, commenting “I think public scrutiny will add to the security of SEP in the long run.” Xerub claims the hack will probably not have a massive impact, and an unidentified Apple spokesperson says the disclosing of the key won’t directly compromise customer data. However, many are worried that more malicious hackers could “watch the SEP do its work and reverse engineer its process, gain access to passwords and fingerprint data, and go even further toward rendering any security relying on Apple’s Security Enclave Processor completely ineffective.” Absent an official statement, it is unclear how Apple will proceed given the circumstances. One report suggests that at this point, Apple will not be rolling out a solution.

Apple users will have to wait and see what happens with SEP’s decryption key. It could have very minimal results, reinforcing both xerub and the unnamed Apple spokesperson’s predictions. Or it could be utilized by more advanced and malevolent hackers, resulting in a large security breach with far reaching ramifications. And undoubtedly, if the news continues to spread, it could damage customers’ views of Apple products as safe and reliable. Though on the technical side of things nothing significant has happened, to the general public the hack is alarming on many levels. Surely Apple users are wondering if Apple’s Security Enclave Processor is an 18-0 New England team, confidently waiting for the next David Tyree to take them down.

We hope you liked this article.  View more trending Security news here.

LEAVE A REPLY

Please enter your comment!
Please enter your name here