Your iphone in danger? Hack Touch ID security - CYDIAPLUS.com

Breaking

Friday, 18 August 2017

Your iphone in danger? Hack Touch ID security



Bad news regarding the security of Apple devices with Touch ID. It seems that a hacker has managed to break the encryption key of this system . The hacker, which is named Twitter @xerub, has published an extraction tool as well as correlation information regarding the Secure Enclave on the iPhone 5s.

The Secure Enclave is responsible for processing the fingerprint data of the Touch ID sensor , determining whether the fingerprints are registered, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place via a serial peripheral interface bus.



The processor sends the data to the Secure Enclave, but can not read it. It is encrypted and authenticated with a session key that is negotiated using the shared key of the device that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses the AES key wrapper on both sides, providing a random key that sets the session key and uses AES-CCM transport encryption .


The processor sends the data to the Secure Enclave, but can not read it. It is encrypted and authenticated with a session key that is negotiated using the shared key of the device that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses the AES key wrapper on both sides, providing a random key that sets the session key anXerub did not say how he decrypted the key, but pointed out the tools that can be used to decrypt the firmware and process it. Apple has yet to confirm whether the published key is legitimate, but even if it is, its release does not endanger user data or reduce Secure Enclave's security . Its publication simply means that security researchers and hackers (malicious or not) will now be able to inspect and test the firmware for vulnerabilities.

Do you think Apple takes the security of their devices seriously? Post your comments and follow us on social networks. We will wait for you.d uses AES-CCM transport encryption .

No comments:

Post a Comment

Follow by Email