https://www.usenix.org/conference/usenixsecurity17/technical...
The researchers made an app that can run as a normal user and extract the hardware enclave’s private key.