
Privacy Ninja

New ‘Unpatchable’ Exploit Allegedly Found On Apple’s Secure Enclave Chip, Here’s What It Could Mean


One of the major security enhancements Apple has brought to its devices over the years is the Secure Enclave chip, which encrypts and protects all sensitive data stored on the devices. Last month, however, hackers claimed they found a permanent vulnerability in the Secure Enclave, which could put data from iPhone, iPad, and even Mac users at risk.

What is Secure Enclave?

The Secure Enclave is a security coprocessor included with almost every Apple device to provide an extra layer of security. All data stored on iPhone, iPad, Mac, Apple Watch, and other Apple devices is encrypted with random private keys, which are only accessible by the Secure Enclave. These keys are unique to your device and they’re never synchronized with iCloud.

More than just encrypting your files, Secure Enclave is also responsible for storing the keys that manage sensitive data such as passwords, your credit card used by Apple Pay, and even your biometric identification to enable Touch ID and Face ID. This makes it harder for hackers to gain access to your personal data without your password.

It’s important to note that although the Secure Enclave chip is built into the device, it works completely separately from the rest of the system. This ensures that apps won’t have access to your private keys: they can only send requests through the Secure Enclave to decrypt specific data, such as your fingerprint to unlock an app.

Even if you have a jailbroken device with full access to the system’s internal files, everything that’s managed by Secure Enclave remains protected.

These are the devices that currently feature the Secure Enclave chip:

  • iPhone 5s and later
  • iPad (5th gen) and later
  • iPad Air (1st gen) and later
  • iPad mini 2 and later
  • iPad Pro
  • Mac computers with the T1 or T2 chip
  • Apple TV HD (4th gen) and later
  • Apple Watch Series 1 and later
  • HomePod

What changes with an exploit?

This isn’t the first time hackers have encountered vulnerabilities related to Secure Enclave. In 2017, a group of hackers was able to decrypt the Secure Enclave firmware to explore how the component works. However, they were unable to gain access to the private keys, so there wasn’t any risk to users.

Now, Chinese hackers from the Pangu Team have reportedly found an “unpatchable” exploit on Apple’s Secure Enclave chip that could lead to breaking the encryption of private security keys. An unpatchable exploit means that the vulnerability was found in the hardware and not the software, so there’s probably nothing Apple can do to fix it on devices that have already been shipped.


We still don’t have further details on what exactly hackers can do with this specific vulnerability, but having full access to the Secure Enclave could also mean having access to passwords, credit cards, and much more. The only thing we know so far is that this vulnerability in Secure Enclave affects all Apple chips between the A7 and A11 Bionic, similar to the checkm8 exploit that allows jailbreak for almost all iOS devices up to iPhone X.

Even though Apple has already fixed this security flaw with the A12 and A13 Bionic chips, there are still millions of Apple devices running with the A11 Bionic or older chips that could be affected by this exploit. The impact of this Secure Enclave vulnerability on users will likely become known in the coming months.

Keep in mind that exploits like this usually require the hacker to have physical access to the device in order to obtain any data, so it’s unlikely that anyone will be able to access your device remotely. An expected scenario is for government agencies to use this vulnerability on confiscated devices.

