New unpatchable exploit allegedly found on Apples Secure Enclave chip, heres what it could mean – 9to5Mac

One of the major security enhancements Apple has brought to its devices over the years is the Secure Enclave chip, which encrypts and protects all sensitive data stored on the devices. Last month, however, hackers claimed they found a permanent vulnerability in the Secure Enclave, which could put data from iPhone, iPad, and even Mac users at risk.

The Secure Enclave is a security coprocessor included with almost every Apple device to provide an extra layer of security. All data stored on iPhone, iPad, Mac, Apple Watch, and other Apple devices is encrypted with random private keys, which are only accessible by the Secure Enclave. These keys are unique to your device and theyre never synchronized with iCloud.

More than just encrypting your files, Secure Enclave is also responsible for storing the keys that manages sensitive data such as passwords, your credit card used by Apple Pay, and even your biometric identification to enable Touch ID and Face ID. This makes it harder for hackers to gain access to your personal data without your password.

Its important to note that although the Secure Enclave chip is built into the device, it works completely separately from the rest of the system. This ensures that apps wont have access to your private keys, since they can only send requests to decrypt specific data such as your fingerprint to unlock an app through the Secure Enclave.

Even if you have a jailbroken device with full access to the systems internal files, everything thats managed by Secure Enclave remains protected.

These are the devices that currently feature the Secure Enclave chip:

This isnt the first time hackers have encountered vulnerabilities related to Secure Enclave. In 2017, a group of hackers were able to decrypt the Secure Enclave firmware to explore how the component works. However, they were unable to gain access to the private keys, so there wasnt any risk to users.

Now, Chinese hackers from the Pangu Team have reportedly found an unpatchable exploit on Apples Secure Enclave chip that could lead to breaking the encryption of private security keys. An unpatchable exploit means that the vulnerability was found in the hardware and not the software, so theres probably nothing Apple can do to fix it on devices that have already been shipped.

We still dont have further details on what exactly hackers can do with this specific vulnerability, but having full access to the Security Enclave could also mean having access to passwords, credit cards, and much more. The only thing we know so far is that this vulnerability in Secure Enclave affects all Apple chips between the A7 and A11 Bionic, similar to the checkm8 exploit that allows jailbreak for almost all iOS devices up to iPhone X.

Even though Apple has already fixed this security breach with the A12 and A13 Bionic chips, there are still millions of Apple devices running with the A11 Bionic or older chips that could be affected by this exploit. The impacts that this vulnerability found in the Security Enclave will have on users will likely be known in the coming months.

Keep in mind that exploits like this usually require the hacker to have physical access to the device in order to obtain any data, so its unlikely that anyone will be able to access your device remotely. An expected scenario is for government agencies to use this security breach on confiscated devices.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

See original here:
New unpatchable exploit allegedly found on Apples Secure Enclave chip, heres what it could mean - 9to5Mac