Apple’s closed architecture just got a little bit more open due to a recent leak. A hacker who goes by the handle “xerub” has published the decryption key for Apple’s iOS’ Secure Enclave Processor(SEP) firmware. The SEP is the processor in the iPhone that primarily handles Touch ID security. In an email to Threatpost, Apple stated that it is currently attempting to confirm the validity of the key.
— ~ (@xerub) August 16, 2017
SEP is a coprocessor within the Iphone’s OS that manages cryptographic operations for data protection. It is used to identify Touch ID fingerprint data, purchases with the sensor and phone unlocking. Touch ID communicates with the processor using a serial peripheral interface bus. The SEP is separated from the rest of iOS meaning that theoretically user data would not be at risk due to the leak.
This leak might be a blessing in disguise for Apple, well kind of. One of the reasons Apple products are so efficient is due to their closed architecture technology. However, this can also be a double edged. Unlike open source software, where anyone can see the code and check for vulnerabilities, the only ones capable of finding bugs in Apple products is the company itself.