T2 chip security vulnerability could let local attackers hack Macs

The Apple T2 chip could be the source of mysterious crashes afflicting two of Apple’s newest computers.
Photo: IFIXIT

Security researcher Niels Hofmans of ironPeak has confirmed a T2 chip security flaw. These chips have been found in all new model Macs made since 2018.

At its worst, the vulnerability — which is reportedly “unpatchable” — could allow an attacker to interfere with Macs in “classic evil maid” attacks involving an unintended computer. This might open the door for new ways for law enforcement to access suspects’ Macs to retrieve information, for example.

A report from ZDNet notes:

“The attack requires combining two other exploits that were initially designed for jailbreaking iOS devices — namely Checkm8 and Blackbird. This works because of some shared hardware and software features between T2 chips and iPhones and their underlying hardware.

According to a post from Belgian security firm ironPeak, jailbreaking a T2 security chip involves connecting to a Mac/MacBook via USB-C and running version 0.11.0 of the Checkra1n jailbreaking software during the Mac’s boot-up process.

Per ironPeak, this works because “Apple left a debugging interface open in the T2 security chip shipping to customers, allowing anyone to enter Device Firmware Update (DFU) mode without authentication.”

Is this a risk to average users?

While any security flaw is bad news, this is unlikely to impact typical users. That’s because it requires someone to physically connect to a Mac using a USB-C cable. They would then have to reboot the device and run Checkra1n 0.11.0.

However, it’s still not great to hear that a person with access to the T2 chip could gain full root access and kernel execution privileges to a Mac. This could be used to, for instance, steal passwords by way of a key logger. For a chip that was created to add extra security for the Mac, that’s likely something Apple is not going to be too happy to hear about.

According to Niels Hofmans, this security vulnerability has been disclosed to Apple before, but it has yet to respond. This could be because Apple is working on a patched T2 chip for use in future Macs.

In the meantime, it’s a reminder to never let anyone plug an untrusted peripheral into your Mac. You never know what it could be delivering!

Source: IronPeak



Recent Articles

Meizu Watch to open a new chapter in the smartwatch industry – see you in Q4 2020

A few months ago, Meizu officially announced that it will release the “Flyme for Watch” system in Q4 2020. The Flyme OS is Meizu’s...

Hot Exoplanet Smaller than Earth Found Orbiting Nearby Red Dwarf | Astronomy

An international team of astronomers has discovered a hot terrestrial planet orbiting the rapidly-rotating low-mass star TOI-540. An artist’s impression of the hot rocky exoplanet...

Universal Pushes Jurassic World: Dominion To June 2022

Jurassic World: Dominion has been delayed by Universal due to the ongoing Coronavirus pandemic. After Regal and Cinemark made the decision to close their doors...

India approves Apple partners and Samsung for $143 billion smartphone manufacturing plan – TechCrunch

Samsung and three major contract manufacturing partners of Apple are among 16 firms to win $6.65 billion incentives under India’s federal plan to...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Stay on op - Ge the daily news in your inbox