“Following the exposure of the decryption key protecting the firmware software running on the iPhone 5s’s Secure Enclave coprocessor that was posted on GitHub yesterday, an Apple source has reportedly said that any customer data securely stored in the cryptography coprocessor remains protected and that the company does not intend to roll out a fix at this time,” Christian Zibreg reports for iDownload Blog.
“TechRepublic interviewed the hacker ‘xerub’ who posted the decryption key,” Zibreg reports. “He explains that decrypting the Secure Enclave firmware could theoretically make it possible to watch the cryptographic coprocessor do its work and perhaps reverse-engineer its process, but warned that ‘decrypting the firmware itself does not equate to decrypting user data.'”
“That’s why an Apple source who wished to remain unidentified told the publication that the key’s exposure doesn’t directly compromise customer data,” Zibreg reports. “‘There are a lot of layers of security involved in the Secure Enclave and access to the firmware in no way provides access to data protection class information,’ said the Apple source.”
Read more in the full article here.
MacDailyNews Take: No biggie.
Why? This phone is end of life and the amount of work to even begin to hack it is not worth the effort.
New phones get new code. It’s that simple. Older phones most likely use different code also.
iPhone 5 is nearly obsolete. Can’t fault Apple for letting this slide.