Abstract
Many smartphones and other devices implement a secure hardware enclave for device security. The secure enclave can provide a high-level of security. However, when a device is stolen and jailbroken to install a new operating system, the secure enclave has no ability to detect that the device is in a stolen state, and cannot limit device use. This disclosure describes techniques to secure devices against post-theft usage such that even attackers that attempt a jailbreak or bypass bootloader integrity checks are unable to configure such a device for use. Per the techniques, periodic secure communication between the secure enclave and the device OS is mandated. Such communication can be based on a cryptographic mechanism set up at initial configuration of the device, linking the device to a particular user account and a trusted server. After each such successful communication, a countdown timer is started in the secure enclave. If no successful communication occurs by the expiry of the countdown timer (which is the case if the device is jailbroken or if a trusted server stops authorizing timer resets), the secure enclave automatically puts the device in a secure state. In the secure state, further use of the device is prevented, e.g., by automatically resetting the device application processor at frequent intervals.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Bires, Max and Pandit, Siddarth, "Secure Enclave-based Techniques to Render Stolen Devices Unusable", Technical Disclosure Commons, (September 29, 2025)
https://www.tdcommons.org/dpubs_series/8645