August 18, 2017<p>Also, don't be mislead by the headline. To quote a comment on the article:<p>"Imagine the Secure Enclave as a vault. Apple hung a big, dark curtain over it to prevent anyone from even seeing the vault. Now, that curtain has been opened and people can see the vault. The vault, however, is still locked as securely as ever."
<i>> It’s a black box that we’re not supposed to know anything about</i><p>Nope. Apple published a whitepaper that details how the SEP works.[1] Decrypting the firmware does help researchers look for vulnerabilities in the implementation, but it's not like Apple is relying on it being a black box.<p>[1] <a href="https://www.apple.com/business/docs/iOS_Security_Guide.pdf" rel="nofollow">https://www.apple.com/business/docs/iOS_Security_Guide.pdf</a>
How does one find such a key? It's my understanding the brute forcing such key would take billions of years on a regular CPU, so can anyone here explain how this was (probably) achieved?
This was actually cracked back in August, and sites quoted Apple as saying they have no plans to fix it, presumably because obscurity is not security and they originally encrypted it because well, why _not_?<p>Ultimately there will be some exposure from this, and they'll address each exploit as it comes just like the rest of the system.
This is interesting. I hope Apple has some hefty bug bounties on SEP vulnerabilities. I also hope Apple has chosen a sensibly safe language for the SEP firmware code, since correctness is of essential importance here.