Is there anything preventing over-the-air or powerline attacks against Apple's secure enclave chips?

iOS devices have a secure enclave built into the processor. So do the new M1 processors in Macs. Intel Macs had the T1 and T2 chips; both were secure enclaves, and the T2 also builds in a crypto ASIC.

Is there anything in these secure enclaves that prevents over-the-air or powerline attacks? To me, the Apple A series chips used on iOS devices and the new M1 chip don't have anything resembling a proper chip-level Faraday cage, just a metal heat spreader or EMI shield that can be easily pulled off. They have to transmit the security keys to either the processor or the crypto ASIC in plaintext, right? So if you could hypothetically have access to the device's PCB while the secure enclave was initializing, would you be able to get anything from it?

Or (though I guess this wouldn't technically be an issue with the secure enclave but with the entire processor), would you be able to siphon the key by having board-level access while the crypto ASIC was working? I assume it would have to have the key in memory then (cache, I assume) and be actively using it. How difficult would this actually be to pull off, assuming you had board-level access, and has anyone tried it?

submitted by /u/LatterEngineer

from hacking: security in practice https://ift.tt/3aKBUFd