Announcement posted by Threat Intelligence 18 Aug 2017
Threat Intelligence Expert Provides Insights on how the operating system for an iOS device can be accessed for the first time – letting hackers research how to breach security
Threat Intelligence Expert Provides Insights on how the operating system for an iOS device can be accessed for the first time – letting hackers research how to breach security
What: A hacker who goes by the alias "xerub" has managed to successfully crack Apple's Secure Enclave firmware decryption key for their iOS devices. The Secure Enclave Processor (SEP) is used by iOS devices to store and manage the encryption keys and authentication process for the device. This includes fingerprint data for touch ID. Fingerprint touch ID is the authorisation for sensitive data and allows payment transactions to proceed, including Apple Pay and purchases from the iTunes Store.
Why: This type of attack could potentially lead to an authentication bypass attack – making Touch ID redundant - for the device owner. Outcomes include payment authorisations being forged and potential financial loss for the device owner.
Who: IT Security expert Ty Miller, Founder and Managing Director of Threat Intelligence is available for interviews and in-depth information about what accessing the Secure Enclave of an iOS device really means right now – and what the potential for hackers could be.
Among the topics Ty can discuss:
Contact:
To arrange interviews with Ty Miller from Threat Intelligence on this or any other IT security-related topics, please contact:
TY MILLER CATHRYN VAN DER WALT
0409 713 735 0402 327 633
ty.miller@threatintelligence.com cathryn@12worlds.com
What: A hacker who goes by the alias "xerub" has managed to successfully crack Apple's Secure Enclave firmware decryption key for their iOS devices. The Secure Enclave Processor (SEP) is used by iOS devices to store and manage the encryption keys and authentication process for the device. This includes fingerprint data for touch ID. Fingerprint touch ID is the authorisation for sensitive data and allows payment transactions to proceed, including Apple Pay and purchases from the iTunes Store.
Why: This type of attack could potentially lead to an authentication bypass attack – making Touch ID redundant - for the device owner. Outcomes include payment authorisations being forged and potential financial loss for the device owner.
Who: IT Security expert Ty Miller, Founder and Managing Director of Threat Intelligence is available for interviews and in-depth information about what accessing the Secure Enclave of an iOS device really means right now – and what the potential for hackers could be.
Among the topics Ty can discuss:
- Ease of bypassing current security controls
- New attacks likely to be seen– financial apps, email accounts and social media networks
- The increased value of a stolen iPhone
- Timeframe for research and potential breaches
- Bounties for successful attacks – who is going after the $100,00 incentive
Contact:
To arrange interviews with Ty Miller from Threat Intelligence on this or any other IT security-related topics, please contact:
TY MILLER CATHRYN VAN DER WALT
0409 713 735 0402 327 633
ty.miller@threatintelligence.com cathryn@12worlds.com