{"id":22368,"date":"2020-10-07T11:10:47","date_gmt":"2020-10-07T09:10:47","guid":{"rendered":"https:\/\/blog.netspark.de\/?p=22368"},"modified":"2020-10-07T11:10:47","modified_gmt":"2020-10-07T09:10:47","slug":"security-flaws-with-apples-t2-chip","status":"publish","type":"post","link":"https:\/\/blog.netspark.de\/?p=22368","title":{"rendered":"Security flaws with Apple’s T2 chip"},"content":{"rendered":"

\"\"When it comes to security, Apple still sets a high level.
\nHowever there are now issues with the T2 security chip
\nthat cannot be ironed out at all. This could allow hackers
\nto compromise T2-equipped devices easily via USB.<\/p>\n

The main problem is that the T2 chip has a read-only section. All Macs sold since 2018 contain the T2 chip, and because the attack uses code in the read-only memory section of the chip, there is no way for Apple to patch it away.<\/p>\n

However it would need the help of two other exploits to allow the hacker to even deploy malware like keyloggers etc.<\/p>\n

ZDNet states the following in their post<\/a>:<\/p>\n

\n

The attack requires combining two other exploits that were initially used for jailbreaking iOS devices<\/a> \u2014 namely Checkm8<\/a> and Blackbird. This works because of some shared hardware and software features between T2 chips and iPhones and their underlying hardware.<\/p>\n

According to a post from Belgian security firm ironPeak<\/a>, jailbreaking a T2 security chip involves connecting to a Mac\/MacBook via USB-C and running version 0.11.0 of the Checkra1n jailbreaking software during the Mac\u2019s boot-up process.<\/p>\n

Per ironPeak, this works because \u201cApple left a debugging interface open in the T2 security chip shipping to customers, allowing anyone to enter Device Firmware Update (DFU) mode without authentication.\u201d<\/p>\n

\u201cUsing this method, it is possible to create an USB-C cable that can automatically exploit your macOS device on boot,\u201d ironPeak said.<\/p>\n

This allows an attacker to get root access on the T2 chip and modify and take control of anything running on the targeted device, even recovering encrypted data [\u2026]<\/p>\n

The danger regarding this new jailbreaking technique is pretty obvious. Any Mac or MacBook left unattended can be hacked by someone who can connect a USB-C cable, reboot the device, and then run Checkra1n 0.11.0.<\/p>\n<\/div>\n

This said, you should never leave your T2-equipped Apple device unattended as someone with skills could easily gain control over your device using the exploits mentioned above.<\/p>\n

ironPeak also made a good statement in this post<\/a>:<\/p>\n

\n

Recent Macs (2018-2020, T2 chip) are no longer safe to use if left alone and physical access was possible, even if you had them powered down.<\/strong><\/p>\n

    \n
  • The root of trust on macOS is inherently broken<\/li>\n
  • They can bruteforce your FileVault2 volume password<\/li>\n
  • They can alter your macOS installation<\/li>\n
  • They can load arbitrary kernel extensions<\/li>\n<\/ul>\n<\/div>\n

    Conclusion: At the moment there’s nothing you can do about it except for buying a new Apple device with an updated T2-chip which can be a very pricey option. If Apple is going to do something about it on their own, is doubtful. Maybe another big lawsuit heading towards Apple enforced by a lot of angry MAC users might move Apple to either offer a replacement option or some other compensation for the security trust they’re now subject to.<\/p>\n","protected":false},"excerpt":{"rendered":"

    When it comes to security, Apple still sets a high level. However there are now issues with the T2 security chip that cannot be ironed out at all. This could allow hackers to compromise T2-equipped devices easily via USB.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[55,4,3,2949],"tags":[385,2601,3501,4279,1810,2373,851],"class_list":["post-22368","post","type-post","status-publish","format-standard","hentry","category-computer-2","category-curiosities","category-news","category-technology","tag-apple","tag-breach","tag-chip","tag-enclave","tag-flaw","tag-jailbreak","tag-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/posts\/22368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=22368"}],"version-history":[{"count":0,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/posts\/22368\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=22368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=22368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=22368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}