Against bruteforce: apple relies on improved secure enclave in iphone chips

Against bruteforce: apple relies on improved secure enclave in iphone chips

Apple has quietly improved the key security element of its in-house chips: in new iPhones, iPads, Macs and Apple Watches released from fall 2020, the sealed-off coprocessor responsible for locking tasks is "Secure Enclave" will be combined with a secure storage component ("Secure Storage Component"), according to updated support documents from the manufacturer.

Counter Lockboxes against Bruteforce Attacks

As new protection technology comes in the second generation of the security chip now "Counter Lockboxes" to use, which keep the entropy value needed to decrypt password-protected user data, as the manufacturer explains in the so far English-only document on the security of Apple platforms. In order to access user data, the coupled Secure Enclave must derive the correct password value from the password set by the user and the Secure Enclave identifier (UID).

The user password could not be learned by unlocking attempts made by a unit other than the paired Secure Enclave, the document continued. If the limit for attempts to enter a password is exceeded (on the iPhone, ten attempts are usually possible to enter the correct device code), the protected data is automatically deleted.

Apple appears to be responding to unlock tools from law enforcement agencies such as Graykey that seek to determine the device code through bruteforce attacks – and if successful, can use it to decrypt the data on a physically present iPhone. There were also attempts from the jailbreak scene last year to use exploits against the Secure Enclave in order to undermine Apple’s security features.

New Secure Enclave in older chip series

The second generation of the secure storage component is not only used in Apple’s latest chip series A14 (iPhone 12, iPad Air 4), M1 (ARM Macs) and S6 (Apple Watch Series 6), but also in older chip series that Apple has apparently reied for this purpose: Products released starting in the fall of 2020 with the A12, A13, and S4 and S5 systems-on-chip (SoCs) are also equipped with the second-generation Secure Storage Component, Apple said. This includes newly produced models of the iPhone XR, iPhone 11 and iPhone SE 2020 and iPad 8, which Apple continues to carry in the program. Older products with these chips continue to come with the older first-generation secure storage component.

Like this post? Please share to your friends:
Leave a Reply