MOSEC 2020: Attack Secure Boot of Apple's Secure Enclave Processor [pdf] (github.com)
xphos 1329 days ago [-]
Have the videos of the conference been released? I haven't been able to find them anywhere
macintux 1329 days ago [-]
Noteworthy: this flaw was fixed for versions of the processor after the iPhone X, it requires physical access to the device, and it can’t be fixed for older processors.
saagarjha 1329 days ago [-]
Currently just A8/A9/A10, more work is necessary for A7/A11 although it might still work on those. (It requires a BootROM exploit like checkra1n to work at all.)
hfse 1329 days ago [-]
It will be interesting to see if the checkra1n team can get this to work on the A11 SoC. They'll have to do something, since the new iOS betas now check the "Boot Progress" Register. As this check is done by the SEP core, bar an exploit, the system can refuse to decrypt the user's data partition.

I'm fairly sure this bug is related to how the SEP handles its 64-bit numbers... so it might not be exploitable on newer chipsets. IIRC the iPhone X has an ARMv8 SEP vs Cortex-A7 in earlier models.

itg 1329 days ago [-]
Wonder what % of the population has an iPhone X or older device.
macintux 1329 days ago [-]
Most recent data I’ve found, dating from last fall, indicates the vast majority fall into that category. Makes sense, the days of exponential growth are over.

https://deviceatlas.com/blog/most-popular-iphones

Razengan 1329 days ago [-]
A lot more than those with XS or newer, I bet.
traceroute66 1329 days ago [-]
I am of the opinion that if a vulnerability requires physical access to execute then it's not really that newsworthy. Sure, it's a vulnerability that should be fixed, but it's not worthy of a song and dance.

We all know the first rule of IT security: Physical Access = Game Over

Fnoord 1329 days ago [-]
This chip is specifically designed to avoid physical access meaning game over. Which, given you carry the device around with you (smartphone, tablet, laptop, etc), is an important feature.

Not just against theft. Some countries are not very free, and might confiscate your device for no good reason. Another important feature is that you can resell the device without having to worry about data recovery.

Obviously, it's a knife which cuts the other way too. It has disadvantages. For example, for law enforcement all around the world.

xphos 1328 days ago [-]
I think you are missing the point that they don't open source any of their security in the iPhone and that this vulnerability brings researchers a ton of freedom to execute arbitrary code
baby 1329 days ago [-]
Was the talk recorded anywhere? I really can't follow anything just with slides.