
Why Our Apple-First Security Strategy Protected Millions While Exchanges Fell

March 11, 2025
10 min read

In the wake of catastrophic breaches that sent shockwaves through the digital asset industry, with Bybit alone losing roughly $1.5 billion to a single sophisticated attack, our decision to build our security infrastructure exclusively on Apple devices and their Secure Enclave technology faced intense scrutiny.

Many industry voices pushed for dedicated hardware wallets despite the blind-signing problem their small screens create: the user approves a transaction whose details the device cannot fully display, so the approval says little about what is actually being signed. Today, as Apple continues its security evolution with innovations like Exclaves, an architecture that isolates sensitive operations from the main kernel, our approach has been validated.

The Exclave code that surfaced in Apple's open-source XNU kernel releases shows exactly why we held our position: when a company invests billions in layered, hardware-backed security that improves with each generation, it provides a foundation for digital asset protection that a standalone hardware wallet cannot match.

What are Exclaves?

In 2024, Apple quietly introduced a major security upgrade called "Exclaves" for their newest devices running on M4 and A18 processors (like the iPhone 16). This wasn't just a routine update—it represents one of the most significant security architecture changes in recent years, though most users won't directly see it working.

On the M4 iPad Pro, for example, the camera and microphone indicator dot is now driven by a Secure Indicator Light (SIL) mechanism: the dot is effectively rendered in hardware, so malware or a user-space app has far less chance of using those sensors without the user noticing.

To see what fundamentally changed, imagine your computer or phone's operating system as a large house where all your apps and data live. Traditionally, if a burglar (an attacker) gets past the front door (finds a security flaw in the kernel), they can potentially reach everything inside. Exclaves are like adding several hardened vaults inside this house. These vaults:

  • Have their own separate security systems that work even if the main house alarm is compromised
  • Store and protect your most sensitive information and operations (like encryption keys or camera indicators)
  • Run in a completely separate, isolated environment from the rest of your device
  • Have extremely limited entry points, making them much harder to break into

When you use your device, certain critical security operations now happen inside these vaults rather than in the main "house." So even if a sophisticated attacker somehow compromises your device's main operating system, they still can't access these protected areas.

This is important because it means even if hackers find a vulnerability in the main system, they can't access things like:

  • Your camera or microphone without the indicator lights showing
  • Certain encryption keys and sensitive biometric data
  • Critical security functions of the OS (for example, the handling of Face ID data)

In simple terms, Exclaves add multiple layers of security protection beyond what was possible before, making Apple devices significantly more resistant to sophisticated attacks by isolating the most sensitive operations in their own ultra-secure environments.

How Exclaves Will Strengthen Self-Custody Digital Assets Solutions

What Makes Self-Custody Vulnerable?

In self-custody solutions for digital assets (like cryptocurrency wallets where you control your private keys), security vulnerabilities in the operating system are extremely dangerous. If malware compromises your device's kernel, it could potentially:

  • Steal your private keys when they're in use
  • Monitor your screen to capture seed phrases
  • Modify transaction data so that funds go to the attacker (the Bybit theft was exactly this kind of substitution, carried out through a compromised signing front end rather than a kernel compromise)
  • Record your password/PIN inputs

How Exclaves Create a Secure Foundation

Exclaves provide several critical protections that specifically benefit self-custody solutions.

1. Protected Key Operations

Private keys could be managed within an exclave, meaning the main operating system (which is more exposed to attack) never has direct access to the raw key material; all signing operations would happen inside the isolated environment. One caveat for wallet developers today: the current Secure Enclave only generates and uses NIST P-256 keys, so it cannot itself produce secp256k1 or Ed25519 transaction signatures. A wallet can use an enclave-resident key to protect seeds or MPC shares at rest, but the chain signature is still computed outside the enclave.

2. Hardware-Rendered Transaction Details

Instead of just indicator lights, an exclave could drive a small hardware-controlled display region showing the critical transaction fields (destination address, amount, fee), rendered from the bytes actually being signed so that malware cannot substitute them.

Just as the Secure Indicator Light (SIL) ensures camera/microphone access is visibly indicated regardless of software compromise, a transaction verification system could guarantee that what you're approving is what's actually being signed.

3. Trusted Input Path

The same hardware control that keeps the indicator light from being bypassed on the M4 iPad Pro could be used to create a secure input path for transaction approvals: hardware buttons or touch zones wired directly to the exclave, giving an approval signal that malware in the main OS cannot forge or intercept.

4. Tamper-Resistant Storage

Seed phrases, MPC shares and backup material could be encrypted and stored in exclave-protected regions that remain secure even in the unlikely event that the main OS kernel is compromised.

Real-World Benefits

For users, this means:

  • Significantly reduced risk when using crypto wallets on iOS and macOS
  • More confidence that what you see on screen is genuine
  • Protection against sophisticated malware targeting digital assets
  • The convenience of standard devices rather than specialized hardware, without giving up security
  • Less risk of supply chain compromise as the hardware is purchased by the user directly from the vendor (in this case, Apple)
  • Future-proof security that improves with continuous over-the-air (OTA) updates

Essentially, Exclaves will help bridge the security gap between hardware wallets and software wallets, providing many of the security benefits of dedicated hardware while maintaining the convenience of software solutions on devices you already own and use.

The Self Custody Landscape

Apple's Security Evolution: A Foundation of Continuous Innovation

Apple's approach to security hasn't happened overnight. The Exclaves technology represents the latest step in a long journey of security innovations that have been quietly protecting users for years. This consistent evolution of security features demonstrates why our Apple-first approach has proven so effective—each generation builds upon a solid foundation of previous security layers.

Unlike many security enhancements that require developer opt-in, Apple has implemented most of these protections at the system level, so they apply transparently to every application on the platform (with a few exceptions, such as Lockdown Mode, which the user must switch on). This means that even if wallet developers aren't security experts, their users still benefit from Apple's continuous security investments.

2011–2012: macOS App Sandboxing

App Sandbox shipped with OS X Lion in 2011, and from June 2012 Apple required it for all new applications submitted to the Mac App Store. This addressed a weakness in the previous security model by preventing applications from reading or modifying each other's files and giving the system a way to confine what each app can touch.

2013: The Secure Enclave

Apple fundamentally changed mobile device security with the introduction of the Secure Enclave coprocessor in the A7 chip (iPhone 5S). This dedicated security subsystem provided hardware-level isolation for sensitive data like fingerprint information and encryption keys, establishing the architectural foundation for all future security enhancements.

2015: System Integrity Protection

SIP (also known as "rootless") was introduced with OS X El Capitan and represented a fundamental shift in the macOS security model by preventing even users with root privileges from modifying critical system files.

2016–2017: Secure Enclave on the Mac and Secure Boot

With the T1 chip in the 2016 MacBook Pro, Apple brought the Secure Enclave to the Mac, holding Touch ID and Apple Pay keys in hardware. The T2 chip that followed (first in the 2017 iMac Pro) added a hardware-verified secure boot chain, so that only trusted, Apple-signed software runs during startup and malicious code cannot take hold early in the boot sequence.

2018: Pointer Authentication Codes (PAC)

The A12 Bionic chip brought the arm64e architecture and with it one of the most significant under-the-hood security improvements: Pointer Authentication Codes (PAC). PAC makes memory corruption attacks substantially harder by cryptographically signing pointers, so an attacker who can overwrite a return address or function pointer cannot simply point it at code of their choosing.

PAC works by storing a short message authentication code in the otherwise unused upper bits of a 64-bit pointer. The code is computed from the pointer value, a secret key held in system registers, and a context value (the modifier, often the stack pointer) that ties the pointer to the place it is meant to be used. Before the pointer is used for a return or an indirect call, the CPU recomputes and checks the code; if it does not match, the operation faults. This neutralizes many common exploit techniques that rely on redirecting control flow through corrupted addresses, a strategy frequently used in sophisticated attacks on high-value targets such as cryptocurrency and e-banking applications. One caveat: PAC protects the kernel and Apple's own frameworks and daemons, which are built for arm64e, whereas third-party apps are, as of this writing, still compiled for the plain arm64 ABI, so a wallet's own code does not get pointer signing. What a wallet user gains from PAC is the hardening of the system underneath the app, not of the app itself.

2019-2020: PAC Enhancements and Apple Silicon

Apple expanded PAC capabilities with the A13 Bionic, implementing additional PAC instructions and protections. The transition to Apple Silicon with the M1 chip further unified this security approach across all Apple platforms, bringing the same robust protections to macOS that had previously been exclusive to iOS devices.

2020–2021: Memory Isolation and BlastDoor

iOS 14 (released in 2020, with the mechanism publicly analyzed by Google Project Zero in January 2021) introduced BlastDoor, a tightly sandboxed service that parses incoming iMessage content. Untrusted message data is now decoded in a process with almost no access to system resources, rather than inside the full-privilege messaging app, which blunts the zero-click exploit chains that had targeted iMessage. Alongside it, Apple tightened memory isolation so that moving from one compromised process to another became harder.

2022: Lockdown Mode and Hardware-Verified Secure Boot

Responding to the emergence of mercenary spyware, Apple introduced Lockdown Mode in iOS 16, an optional hardened configuration that trades some functionality for maximum protection. (Hardware-verified secure boot, with cryptographic checks at every stage of startup, had already arrived on the Mac with the T2 chip and carries over to every Apple silicon Mac.)

2023: Advanced Data Protection and Rapid Security Responses

Apple extended end-to-end encryption to most iCloud data categories with Advanced Data Protection (announced in December 2022 and rolled out worldwide in early 2023), so that this data is encrypted in transit and on Apple's servers and can be decrypted only on the user's trusted devices. Rapid Security Responses, introduced in 2023, allow critical security patches to ship quickly without a full OS update.

Worth noting, however, is that in February 2025 Apple withdrew Advanced Data Protection from the UK after the government demanded access to end-to-end encrypted (E2EE) user data under the Investigatory Powers Act. This development highlights the ongoing tension between corporate security innovations and government surveillance demands.

The Takeaway: Exclaves—The Next Generation

With the M4 and A18 processors, Apple has enabled Exclaves—representing the culmination of this security evolution. Exclaves build directly upon the foundation laid by the Secure Enclave, secure boot chains, and PAC, taking hardware-isolated execution environments to a new level of sophistication.

The introduction of PAC in 2018 was particularly significant for digital asset security because it specifically addressed memory corruption vulnerabilities—the exact attack vector frequently used against cryptocurrency wallets and exchanges. By making it dramatically more difficult to exploit memory issues, PAC has quietly been protecting digital asset users even before they realized they needed this protection.

Exclaves Eliminate Blind-Signing

By creating isolated secure environments within devices people already use daily, Exclaves deliver hardware-level protection against even sophisticated malware without requiring external screens or devices.

Exclaves could therefore eliminate the blind-signing weakness of hardware wallets by enabling secure transaction verification on the device's existing full-sized display, while leveraging Apple's biometric authentication and device encryption to mitigate the risk of physical theft.

With the camera indicator on the M4 iPad Pro, Apple has already demonstrated the technological foundation for such a secure visualization and input channel. By leveraging the same architecture that makes the indicator light tamper-proof, wallets could offer hardware-wallet-grade security with the user experience of a full-sized display, closing the gap that led to several major exchange and wallet breaches.
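The invariant behind both "Hardware-Rendered Transaction Details" above and this section is that the summary the user approves must be derived, inside the isolated signer, from the exact bytes that get signed. The example below is added here to make that concrete and is not code from io.finnet or Apple. It models two approval paths against a compromised front end of the kind behind the Bybit loss, which displayed one transaction while submitting another for signature. The 38-byte-header transaction encoding, the field names, the destinations and the HMAC "signature" are all constructed for the example; a real wallet would sign with ECDSA or an MPC protocol.

```python
"""What-you-see-is-what-you-sign check for self-custody transaction approval.

Constructed example: the fixed-width transaction encoding, the field names
and the HMAC-based signer are stand-ins for a real chain format and a real
signing key. The point is structural: the isolated signer must derive the
summary the user confirms from the exact bytes it is about to sign.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

SIGNING_KEY = b"constructed-demo-signing-key"   # assumption: lives only inside the signer
COLD_WALLET = bytes.fromhex("11" * 20)          # constructed destination the user expects
ATTACKER = bytes.fromhex("ee" * 20)             # constructed attacker destination

Summary = dict
Approver = Callable[[Summary], bool]


@dataclass(frozen=True)
class Tx:
    to: bytes          # 20-byte destination
    amount: int        # base units
    fee: int           # base units
    data: bytes        # calldata / memo


def encode(tx: Tx) -> bytes:
    """Canonical encoding assumed for this example: to(20) amount(8) fee(8) len(2) data."""
    if len(tx.to) != 20 or len(tx.data) > 0xFFFF:
        raise ValueError("bad field size")
    return (tx.to + tx.amount.to_bytes(8, "big") + tx.fee.to_bytes(8, "big")
            + len(tx.data).to_bytes(2, "big") + tx.data)


def decode(payload: bytes) -> Tx:
    """Strict parser: every byte must be accounted for, or the signer refuses."""
    if len(payload) < 38:
        raise ValueError("truncated payload")
    n = int.from_bytes(payload[36:38], "big")
    if len(payload) != 38 + n:
        raise ValueError("length field does not match payload")
    return Tx(payload[:20], int.from_bytes(payload[20:28], "big"),
              int.from_bytes(payload[28:36], "big"), payload[38:])


def summarize(tx: Tx) -> Summary:
    """The fields a trusted display would render for the user."""
    return {"to": tx.to.hex(), "amount": tx.amount, "fee": tx.fee, "data_len": len(tx.data)}


def sign(payload: bytes) -> bytes:
    """Stand-in for the signature over the raw bytes (HMAC instead of ECDSA/MPC)."""
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()


def blind_sign(ui_summary: Summary, payload: bytes, approve: Approver) -> Optional[bytes]:
    """Blind-signing path: the front end supplies the summary and the bytes
    separately, so nothing ties what the user reads to what gets signed."""
    return sign(payload) if approve(ui_summary) else None


def verified_sign(payload: bytes, approve: Approver) -> Optional[bytes]:
    """Trusted-display path: the summary is computed inside the signer from the
    payload itself and shown on a channel the app cannot overwrite."""
    summary = summarize(decode(payload))          # a parse failure means no signature
    return sign(payload) if approve(summary) else None


def user_policy(summary: Summary) -> bool:
    """What the user would accept after reading the display."""
    return (summary["to"] == COLD_WALLET.hex()
            and summary["amount"] == 1_000_000
            and summary["data_len"] == 0)


def demo() -> dict:
    benign = Tx(COLD_WALLET, 1_000_000, 2_100, b"")
    # A compromised front end shows the benign summary but submits this payload.
    malicious = Tx(ATTACKER, 1_000_000, 2_100, b"\x01\x02")
    shown = summarize(benign)

    blind = blind_sign(shown, encode(malicious), user_policy)
    verified = verified_sign(encode(malicious), user_policy)
    honest = verified_sign(encode(benign), user_policy)
    return {
        "blind_path_signed_attacker_tx": blind is not None and blind == sign(encode(malicious)),
        "verified_path_signed_attacker_tx": verified is not None,
        "verified_path_signed_benign_tx": honest == sign(encode(benign)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Two design choices carry the security argument: the parser is strict (trailing or missing bytes are rejected rather than ignored, so an attacker cannot hide fields the display does not show), and the display text never comes from the application. An exclave-backed display region, or a hardware wallet screen that renders the decoded payload, both satisfy this; a screen that shows whatever the app sends does not, however tamper-proof the pixels are.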

The Ultimate Evolution: Exclaves + MPC

Perhaps most significantly, the combination of Exclaves with Multi-Party Computation (MPC) represents the inevitable future of high-security self-custody. This pairing creates a security architecture that is greater than the sum of its parts: Exclaves provide the secure execution environment that addresses MPC's traditional weakness to device compromise, while MPC's distributed key management removes the single point of failure inherent in any single-device solution.

This synergy delivers the very best grade of security while maintaining remarkable usability compared to traditional multi-signature setups. As both technologies mature, we anticipate this approach becoming the gold standard for high-value digital asset storage, offering a compelling solution for family offices, DAOs, corporate treasuries, and security-conscious individuals. The combination effectively "squares the circle" of digital asset security by providing the control of self-custody, the security of cold storage, and usability approaching that of custodial solutions – a breakthrough that will dramatically accelerate institutional and mainstream adoption of self-sovereign digital asset management.

In combining many layers of secure verification including our secure tMPC, Intel SGX (an existing and well-known secure enclave solution for servers) and built-in blind signing protections in partnership with Blockaid, io.finnet is paving the way to the future of advanced self custody without custodial risk.

Ongoing Research on Exclaves

It's important to note that our understanding of Exclaves is continuously evolving. This analysis incorporates information from Apple's open-source XNU code releases, community research from groups like Asahi Linux, and feedback from security researchers. As with any cutting-edge security architecture, some details remain speculative until confirmed through further research or official documentation.

Recent analysis from security researchers at Asahi Linux has provided deeper insights into how Exclaves operate within Apple's architecture. Their work suggests that rather than creating entirely new privilege levels, Apple has cleverly extended the capabilities of existing security technologies like SPTM (Secure Page Table Monitor) and GXF (Guarded Execution) to create these isolated execution environments. This helps explain how the technology achieves its security goals while maintaining compatibility with Apple's existing security architecture.

While Apple has not yet published comprehensive technical details about Exclaves themselves, the security community is very actively working to understand its implementation and implications. This article represents our current understanding, which may be refined as new information emerges.

Keep Your ‘Self-Custody Game’ Up-to-Date

Learn about how we adopt all the latest security trends such as Exclaves to take your protection seriously as part of our Trustless MPC (tMPC) platform and ideology. Get started today with iofinnet.com.

Written by Luke Plaster, Chief Security Architect at io.finnet