Click to Skip Ad
Closing in...

The iPhone’s most secure component was ‘hacked’ but there’s no reason to panic

Published Aug 18th, 2017 7:45AM EDT
iPhone Secure Enclave
Image: Zach Epstein, BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Apple unveiled the iPhone 5s in September 2013, and its signature feature was the fingerprint sensor embedded in the home button. Marketed as Touch ID, the security feature would let users unlock the phone and authenticate App Store payments. The introduction of Touch ID paved the way for Apple Pay, a mobile payment system designed by Apple that uses one’s fingerprint to verify each payment. Touch ID was later opened to developers to integrate it into their apps.

Touch ID also brought a new security feature inside the iPhone, the Secure Enclave that makes possible authentication via fingerprint scans. Each iOS device that has a Touch ID sensor must also have a Secure Enclave, which happens to be the most secure component of the handset. However, a hacker managed to obtain the full decryption key for the iPhone 5s’s Secure Enclave. That said, there’s no reason to panic for the moment.

The Secure Enclave resides inside the iPhone’s processor, the A7 for the iPhone 5s. It uses its own software that’s not tied to the main operating system of the handset. The component will process Touch ID data and produce a corresponding result. That’s why this particular area of the phone is heavily protected by encryption.

First seen by Redmond Pie, this tweet from security researcher @xerub confirms that the “fully grown” decryption key of the iPhone 5s’s Secure Enclave has been cracked:

Security researcher Will Strafach quickly posted an update for the “hack,” explaining that just the enclave had not been hacked in the traditional sense. The decryption keys will, however, let researchers and hackers study Apple’s firmware for the Secure Enclave.

https://twitter.com/chronic/status/898217462029791232

That doesn’t mean your iPhone 5s is less secure. But this even opens the door to anyone experienced enough to dig through the firmware.

it’s also worth noting the “hack” only applies to the iPhone 5s.

Even if malicious hackers find security holes to exploit in the software that governs it, they’ll probably need physical access to your iPhone 5s to update the Secure Enclave’s software and then abuse it.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.