By Jonny Evans
Appleholic, (noun), æp·əl-hɑl·ɪk: An imaginative person who thinks about what Apple is doing, why and where it is going. Delivering popular Apple-related news, advice and entertainment since 1999.
A security researcher claims to have figured out how to break the T2 security chip on modern Intel-based Macs using a pair of exploits developed to jailbreak older phones. Apple has not commented on these claims.
The claim seems to be that because the T2 chip is based on the older A10 series Apple processor, it is possible to use two jailbreak tools (Checkm8 and Blackbird) to modify the behavior of T2, or even install malware to the chip.
It’s not an easy hack:
Not only must an attacker have local access to the Mac, but they must connect to the target Mac using a non-standard ‘debugging’ USB-C cable and run a version of a jailbreaking software package during startup.
It’s also important to note that not all Macs are vulnerable to this claimed attack. Apple Silicon Macs may not be impacted while those running more recent iterations of the chip are not impacted.
Finally, if you are using FileVault to encrypt your Mac then attackers won’t have access to the data held there, though they may try installing malware.
A post from a Belgian security researcher tells us this works because:
The researcher claims this means a hacker armed with this exploit that gains physical access to a Mac can break into the system, access files, alter macOS and even load arbitrary kexts.
The vulnerability will not impact Apple Silicon Macs, nor can it be performed remotely, says the researcher – who claims to have gone public with the news because Apple failed to respond when it was informed of the flaw.
What makes these claims a little more convincing is that the developers of a soon-to-be-announced data recovery tool claim to have found a way in which they can sometimes scan and extract data from devices protected by the T2 encryption chip.
The T2 kicks in when you launch your Mac and the Apple logo appears. It acts as the root of trust and validates the entire boot process, checking security components and verifying legitimacy as it does.
The best way to see the T2 is that it is a gatekeeper designed to maximize hardware and software security. This is why the identification of such a vulnerability may be a problem.
The chip uses Apple’s Secure Enclave to handle your device’s encryption keys, biometric ID, and secure boot processes. It also integrates controllers such as the system management controller, image signal processor, audio controller, and SSD controller. Apple published a white paper in 2018 describing how the T2 chip works, which it makes available here.
“The features of the Apple T2 Security Chip are made possible by the combination of silicon design, hardware, software, and services available only from Apple. These capabilities combine to provide unrivalled privacy and security features never before present on Mac,” Apple has previously said.
There doesn’t seem to be any need for wide panic. The complex nature of this vulnerability suggests it is unlikely to be a problem for the majority of Mac users, particularly as it requires physical access to the machine.
It may, however, be a cause for concern among users handling highly confidential information who may ordinarily see themselves as potential targets for criminals or state actors.
At present, the best advice for any Mac user is to avoid leaving your Mac unattended and to avoid using a USB-C cable with your computer unless you are confident you know where it has been. It may be of help to reset the system management controller (SMC) on your Mac.
It also makes sense to enable FileVault encryption on the machine.
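To check the two points above on a given Mac (is it a T2 machine, and is FileVault on), here is an added example that is not from the article or from Apple. It classifies the output of `system_profiler SPiBridgeDataType` and `fdesetup status`; the function names and verdict labels are hypothetical, and the output wording it matches is an assumption about those tools.

```shell
#!/bin/sh
# Added example: classify a Mac's exposure to the claimed T2 attack from the
# text printed by two stock macOS commands. Verdict labels are hypothetical.

# has_t2 TEXT: succeeds if `system_profiler SPiBridgeDataType` output names a T2.
# Assumption: T2 Macs report a "Model Name" line containing "Apple T2".
has_t2() {
    printf '%s\n' "$1" | grep -q 'Apple T2'
}

# filevault_state TEXT: prints on, pending or off for `fdesetup status` output.
# Assumption: the tool prints "FileVault is On." / "FileVault is Off." and adds
# an "... in progress" line while the disk is still being converted.
filevault_state() {
    if printf '%s\n' "$1" | grep -qi 'in progress'; then
        echo pending          # conversion not finished, treat as unprotected
    elif printf '%s\n' "$1" | grep -q '^FileVault is On'; then
        echo on
    else
        echo off              # includes empty or unrecognised output
    fi
}

# classify BRIDGE_TEXT FDE_TEXT: prints one verdict.
#   not-t2               no T2 reported (for example, Apple Silicon)
#   t2-filevault-on      T2 Mac, data at rest encrypted
#   t2-filevault-pending T2 Mac, encryption or decryption still running
#   t2-filevault-off     T2 Mac, enable FileVault
classify() {
    if ! has_t2 "$1"; then
        echo "not-t2"
    else
        echo "t2-filevault-$(filevault_state "$2")"
    fi
}

# Gather live data; only meaningful on macOS.
audit_this_mac() {
    bridge=$(system_profiler SPiBridgeDataType 2>/dev/null)
    fde=$(fdesetup status 2>/dev/null)
    classify "$bridge" "$fde"
}

if [ "$(uname -s)" = "Darwin" ]; then
    audit_this_mac
fi
```

A verdict of `t2-filevault-on` reflects only the article's point that FileVault keeps the stored data out of reach; it says nothing about whether the chip itself has been tampered with.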
The researcher claims Apple is unlikely to be able to protect against this vulnerability with a software patch. Apple hasn’t confirmed or denied that claim, which is why the researcher claims to have gone public with the news.
Apple has issued no comment regarding the claimed vulnerability at time of writing.
Jonny is a freelance writer who has been writing (mainly about Apple and technology) since 1999.
Copyright © 2020 IDG Communications, Inc.