Protecting user data in the face of attack

Attackers attempting to extract user data often try a number of techniques: extracting the encrypted data to another medium for brute-force attack, manipulating the operating system version, or otherwise changing or weakening the security policy of the device to facilitate attack. Attacking data on a device often requires communicating with the device using physical interfaces like Thunderbolt, Lightning, or USB-C. Apple devices include features to help prevent such attacks.

Apple devices support a technology called Sealed Key Protection (SKP) that’s designed to ensure that cryptographic material is rendered unavailable off device, or that’s used if manipulations are made to operating system versions or security settings without appropriate user authorization. This feature is not provided by the Secure Enclave; instead, it’s supported by hardware registers that exist at a lower layer to provide an additional layer of protection to the keys necessary to decrypt user data independent of the Secure Enclave.

Sealed Key Protection is available only on devices with the following Apple-designed SoCs:

• A11–A18

• S3–S9

• M1–M4

iPhone and iPad devices can also be configured to only activate data connections in conditions more likely to indicate the device is still under the physical control of the authorized owner.

On an iPhone or iPad with iOS 18 and iPadOS 18 or later, a new security protection will restart devices if they remain locked for a prolonged period of time.