RALEIGH, N.C. (WNCN) – Everyone has personal information on their phones that they hope and trust will stay private.
North Carolina State University researchers wanted to know if Apple devices are as secure as people like them to be.
“Don’t give up because this project took two years. It was a very like a shot in the dark,” said Aydin Aysu, who is an assistant professor of electrical and computer engineering at N.C. State.
Apple is known for building devices that keep people from seeing just how they work internally. Aysu and master’s graduate Gregor Haas spent two years developing a software toolkit that can test the security of Apple’s hardware.
“Well, you know, with the pandemic and everything, we were trying to do everything remotely, so we have been quite challenged in this project because it needed a lot of physical equipment,” Aysu said.
Even with those challenges, the team did find a vulnerability.
“It can leak essentially the secret keys that are being used in a crypto library.”
Aysu said the good news is the issue is with iPhone X and younger versions, not newer ones. The team alerted Apple of their findings, which are also now published for the public to read. The team has found no outside evidence of an attack. They plan to use the same toolkit to test other systems, as well.
“If you are determined and if you are really working hard, then you will find maybe many vulnerabilities in different systems,” Aysu said.