ALL-INKL.COM - Webhosting Server Hosting Domain Provider

Security flaws with Apple’s T2 chip

When it comes to security, Apple still sets a high level.
However there are now issues with the T2 security chip
that cannot be ironed out at all. This could allow hackers
to compromise T2-equipped devices easily via USB.

The main problem is that the T2 chip has a read-only section. All Macs sold since 2018 contain the T2 chip, and because the attack uses code in the read-only memory section of the chip, there is no way for Apple to patch it away.

However it would need the help of two other exploits to allow the hacker to even deploy malware like keyloggers etc.

ZDNet states the following in their post:

The attack requires combining two other exploits that were initially used for jailbreaking iOS devices — namely Checkm8 and Blackbird. This works because of some shared hardware and software features between T2 chips and iPhones and their underlying hardware.

According to a post from Belgian security firm ironPeak, jailbreaking a T2 security chip involves connecting to a Mac/MacBook via USB-C and running version 0.11.0 of the Checkra1n jailbreaking software during the Mac’s boot-up process.

Per ironPeak, this works because “Apple left a debugging interface open in the T2 security chip shipping to customers, allowing anyone to enter Device Firmware Update (DFU) mode without authentication.”

“Using this method, it is possible to create an USB-C cable that can automatically exploit your macOS device on boot,” ironPeak said.

This allows an attacker to get root access on the T2 chip and modify and take control of anything running on the targeted device, even recovering encrypted data […]

The danger regarding this new jailbreaking technique is pretty obvious. Any Mac or MacBook left unattended can be hacked by someone who can connect a USB-C cable, reboot the device, and then run Checkra1n 0.11.0.

This said, you should never leave your T2-equipped Apple device unattended as someone with skills could easily gain control over your device using the exploits mentioned above.

ironPeak also made a good statement in this post:

Recent Macs (2018-2020, T2 chip) are no longer safe to use if left alone and physical access was possible, even if you had them powered down.

  • The root of trust on macOS is inherently broken
  • They can bruteforce your FileVault2 volume password
  • They can alter your macOS installation
  • They can load arbitrary kernel extensions

Conclusion: At the moment there’s nothing you can do about it except for buying a new Apple device with an updated T2-chip which can be a very pricey option. If Apple is going to do something about it on their own, is doubtful. Maybe another big lawsuit heading towards Apple enforced by a lot of angry MAC users might move Apple to either offer a replacement option or some other compensation for the security trust they’re now subject to.

October 7, 2020 Netspark - 1594 posts - Member since: May 9th, 2011 No Comments »

Rockbottom!Very badBadAverageGoodVery goodAwesome! (2 votes, average: 5.50 out of 7)
FILED UNDER :Computer , Curiosities , News , Technology
TAGGED WITH : , , , , , ,

Leave a comment