The curtain has been lifted on Apple's Secure Enclave Processor, but all anyone can see now is the vault behind it.
Apple's Secure Enclave locks down user data on iPhone and iPad, including the data for Touch ID. Recently, a hacker called xerub posted a "decryption key" for the Secure Enclave Processor (SEP) firmware:
That has led to a lot of miscommunication, misunderstanding, and misreporting about what exactly it means in terms of iPhone and iPad security. Here's the deal:
Think of the Secure Enclave as a vault. Apple hung a big, dark curtain over it to prevent anyone from even seeing the vault. Now, that curtain has been opened and people can see the vault. The vault, however, is still locked as securely as ever. No one has broken into it and no one has even gotten any closer to breaking into it.
Technically speaking, Apple encrypted the SEP firmware to obfuscate it so people couldn't just poke around inside. That included security researchers, like the ones participating in Apple's bug bounty program. Now they can.
It was an additional but very superficial layer of protection. While many deride security-through-obscurity, "defense in depth" — a multi-layered approach — is still a best practice, and making anything even a little harder to defeat makes it a little harder to defeat.
Philosophy aside, it's my understanding that the encryption key wasn't used to protect any user data or anything beyond obscuring the SEP. And absolutely no user data was or could be exposed through the leaked encryption key.
In other words, it's something to be informed about but not overly concerned about. SEP remains as secure as ever.