Hackers Found An Unpatchable Weakness In A Security Feature That Has Protected Apple Users For Years

Dhir Acharya - Aug 05, 2020

Even iPhone users may haven’t of this term, but Apple has a padlock that protects almost all of its products called the Secure Enclave.

Even iPhone users may haven’t of this term, but Apple has a padlock that protects almost all of its products called the Secure Enclave. The tech giant described the feature as a secure coprocessor consisting of a hardware-based key manager that’s isolated from the main processor, providing an additional security layer.

Security Enclave is a security feature that protects almost every Apple device

This feature is used on many models of the iPad, iPhone, Apple Watch, Mac, Apple TV, and HomePod product lines. All the data on such devices is encrypted with random private keys that can only be accessed through the Secure Enclave. Then, the coprocessor stores the keys that manage sensitive data like passwords. The company writes:

“The Secure Enclave also maintains the integrity of its cryptographic operations even if the device kernel has been compromised. Communication between the Secure Enclave and the application processor is tightly controlled by isolating it to an interrupt-driven mailbox and shared memory data buffers.”

Simply speaking, here’s how the Secure Enclave works, when storing a private key in the hardware, you don’t directly deal with the key. In fact, the Secure Enclave is assigned to generate the key, store it securely, and perform operations with it. Eventually, you receive the output of this process only, making it extremely difficult for the key to be compromised.

However, hackers have made a lot of attempts to compromise the key for a long time. In 2017, a group of hackers was able to decrypt the Secure Enclave firmware but they couldn’t access the private keys, so users remain safe.

Unfortunately, a group of Chinese hackers named Pangu Team has found the hardware’s weakness that could allow them to decrypt the private security keys, according to 9to5Mac. With this unpatchable exploit, Apple users now have a reason to worry about their privacy and security.

The exploit in the hardware instead of the software, so Apple cannot fix it remotely with a patch as it does with bugs. So far, there haven’t been any details revealed regarding what the hackers may do with this exploit but they would likely need physical access to a device to make it happen.

So, for now, at least Apple users can hope that as long as they keep their devices secure. Never leaving their eyesight, they will be safe.