Security researcher “xerub” has published the full decryption key for the Secure Enclave, the iPhone 5s’s cryptographic coprocessor that handles Touch ID. xerub posted the decryption key online ahead of this year’s Hack in the Box (HITB) conference in Singapore.
The Secure Enclave is built into the A7 chip, first shown in the iPhone 5s in 2013, and the S2 chip powering Apple Watch Series 1 and Series 2. The release of this key doesn’t mean the phone is no longer safe: the sensitive data stored in the Secure Enclave is secured with other keys that haven’t been compromised. What the key allows security experts to do is use the “img4lib” library to decrypt and take a closer look at Apple’s secret software running on the cryptographic coprocessor; it does not let them read any data stored in it.
The Secure Enclave has its own secure boot process, which ensures that its separate firmware is verified and signed by Apple and can only be changed through a personalized software update process created just for it.
iOS hacker Will Strafach, aka Chronic, has confirmed that this is not a huge deal for end users because the Secure Enclave has not actually been hacked. “Decryption key in this case is for the firmware, allowing more researchers to look at it,” he said on Twitter.