Apple's T2 chip has unpatchable security flaw, says researcher
What you need to know
- Apple's T2 chip has a major security flaw.
- That's according to the findings of one security researcher.
- Apparently, the chip can be compromised using the same checkm8 exploit used to jailbreak devices running iOS.
According to a security researcher, Apple's T2 chip has a critical vulnerability that could allow a hacker to bypass a Mac's disk encryption, firmware passwords, and more.
According to Niels Hofmans at ironPeak:
Hofmans says the vulnerability is unpatchable but is not a "persistent vulnerability". This, Hofmans states, means that to take advantage of it, a hacker would need a hardware insert or "other attached component" like a malicious USB-C cable.
The report continues:
The report also says that FindMy's remote device locking feature can be bypassed if you were to misplace your Mac or have it stolen.
According to the blog, this vulnerability has been disclosed to Apple "on numerous occasions" without a response. The report postulates that Apple doesn't plan on going public with a statement and is quietly developing a new patched T2 chip for its upcoming Macs.
A T2 vulnerability has previously been alluded to by various iOS hackers, as noted by ZDNet:
With @checkra1n 0.11.0, you can now jailbreak the T2 chip in your Mac. An incredible amount of work went into this and it required changes at multiple levels.
There’s too many people to tag, but shoutout to everyone who worked on getting this incredible feature shipped.
— Jamie Bishop (@jamiebishop123) September 22, 2020
checkm8 + blackbird and the T2 SEP is all yours...
— Siguza (@s1guza) September 5, 2020
The report says that the long and short of the exploit is that "macOS devices are no longer safe to use if left alone, even if you have them powered down." The exploit can be used to brute-force a FileVault2 volume password, alter your macOS installation, and load arbitrary kernel extensions. The report again stresses, however, that this is only possible through physical access.
In response to the post, security expert Will Strafach noted a few responses tempering alarm around the issue, stating on Twitter:
"T2 is and has been vulnerable to checkm8, released in late 2019.
Strafach echoed ironPeak's sentiment regarding Apple's failure to respond to the issue, stating:
You can read the full report here.
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software.