Apple's Secure Enclave locks down user data on iPhone and iPad, including the data for Touch ID. Recently, a hacker known as xerub posted a "decryption key" for the Secure Enclave Processor (SEP) firmware:
That's led to a lot of miscommunication, misunderstanding, and misreporting about what exactly it means in terms of iPhone and iPad security. Here's the deal:
Imagine the Secure Enclave as a vault. Apple hung a big, dark curtain over it to prevent anyone from even seeing the vault. Now, that curtain has been opened and people can see the vault. The vault, however, is still locked as securely as ever. No one has broken into it and no one has even gotten any closer to breaking into it.
Technically speaking, Apple encrypted the SEP firmware to obfuscate it so people couldn't easily poke around inside. That included security researchers, like those participating in Apple's bug bounty program. Now they can.
It was an additional but very superficial layer of protection. While many deride security-through-obscurity, "defensive in depth" — a multi-layered approach — is still a best-practice and making anything even a little bit harder to defeat makes it a little bit harder to defeat.
Philosophy aside, it's my understanding that the encryption key wasn't used to protect any user data or anything beyond obscuring the SEP. And absolutely no user data was or could be exposed through the leaked encryption key.
In other words, it's something to be informed about but not overly concerned with. SEP remains as secure as ever.
We may earn a commission for purchases using our links. Learn more.
Fortnite players, don't update iOS without reading this
Epic Games is warning Fortnite players over updating to iOS 14, in case a feature that temporarily removes apps to make space for the software deletes Fortnite, preventing users from reinstalling it.
Fantastical 3.2 is here with iOS 14 widgets, Scribble support for iPad
Flexibits has today released Fantastical 3.2, bringing iOS 14 widgets to the immensely popular calendar app.
Apple's online store opens in India
As promised, Apple has opened its online store in India following an announcement last week.
Don't let that new Apple Watch SE get scratched — get a screen protector
The Apple Watch SE is a great way to get an Apple Watch with the majority of new features for less money. If you're taking the plunge and getting an Apple Watch SE, you'll want the best Apple Watch SE screen protectors to make sure that the screen stays scratch-free!