I managed fine before the T2 chip existed, I will manage fine with a T2 chip that has a vulnerability.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple's T2 Security Chip Vulnerable to Attack Via USB-C
- Thread starter MacRumors
- Start date
- Sort by reaction score
Yes. A reboot fixes it unless the device is still connected. And it’s a device, not just a cable. The cable allows the device to do what it wants to do.
Big question: does it bypass password login? If not, it requires this thing to be discretely connected directly to the usb-c on the computer and the owner not noticing. Or if I am missing something?
Tell that same thing to Intel before you start throwing stones only at Apple.
The vulnerability might be unpatchable, but for that same reason, the exploit cannot be permanent either. Restarting the computer removes it. Presumably it would be possible for it to install a keylogger which might persist, but then you could presumably then detect and remove that keylogger.
What repairs other than keyboard/screen? Everything else is soldered into the logic board. Most shops do not have the capability of replacing soldered SSD flash chip.
Another thing is that previously a stolen password protected macbook would be useless and couldn't be used by another party without replacing logic board if there was a boot password. Now that's easily by-passable.
Seems like the response could be “if T2 reboots, OS locks up?” So basically have the device kernel panic on T2 reboot?
I do work for a company that takes security very seriously and also manages government accounts.
[automerge]1602607765[/automerge]
then we should place all of our trust in intel. right? RIGHT?
Why do you have to shoehorn another manufacturer? To deflect? I don't care about intel, I care about my MBP 16" workstation.
Sure, but when it's the chip specifically meant for security, it's kind of a "you had one job!" failure.
If they have physical access, it's game over. If they have physical access to a running machine, it's definitely game over. Simple solution to this in the real world: power off the machine before you leave it unattended.
Silicon vulnerabilities were a blindspot until Spectre and Meltdown...now everyone's looking for them.
Apple definitely has software quality problems, but no more so than anyone else.
As if there weren't enough reasons to avoid those models already.
Had Apple protected the T2 with a T3, we would not be here today.
Kinda makes the remote work concept difficult to achieve for many people.
[automerge]1602608231[/automerge]
But only if that chip was protected by a T4 chip.
Oh for F sake.
After it was reported last week that Apple's T2 Security Chip could be vulnerable to jailbreaking, the team behind the exploit have released an extensive report and demonstration.
Apple's custom-silicon T2 co-processor is present in newer Macs and handles encrypted storage and secure boot capabilities, as well as several other controller features. It appears that since the chip is based on an Apple A10 processor, it is vulnerable to the same "checkm8" exploit that has been used to jailbreak iOS devices.
The vulnerability allows for the hijacking of the T2's boot process to gain access to the hardware. Normally the T2 chip exits with a fatal error if it is in Device Firmware Update (DFU) mode and it detects a decryption call, but by using another vulnerability developed by team Pangu, it is possible for a hacker to circumvent this check and gain access to the T2 chip.
Once access is gained, the hacker has full root access and kernel execution privileges, although they cannot directly decrypt files stored using FileVault 2 encryption. However, because the T2 chip manages keyboard access, the hacker could inject a keylogger and steal the password used for decryption. It can also bypass the remote Activation Lock used by services such as MDM and Find My. A firmware password does not prevent this since it too requires keyboard access, which requires the T2 chip to run first.
The exploit can be achieved without user interaction and simply requires a modified USB-C cable to be inserted. By creating a specialized device "about the size of a power charger," an attacker can place a T2 chip into DFU mode, run the "checkra1n" exploit, upload a key logger, and capture all keys. macOS can be left unaltered by the jailbreak, but all keys can still be logged on Mac laptops. This is because MacBook keyboards are directly connected to the T2 and passed through to macOS.
A practical demonstration shows checkra1n being run over USB-C from a host device. The targeted Mac simply displays a black screen while the connected computer confirms that the exploit was successful.
These cables function by allowing access to special debug pins within a USB-C port for the CPU and other chips that are usually only used by Apple.
Apple has not fixed the security flaw and it appears to be unpatchable. For security purposes, the T2's SepOS custom operating system is stored directly in the chip's SEPROM, but this also prevents the exploit from being patched by Apple via a software update.
In the meantime, users can protect themselves from the exploit by keeping their Macs physically secure and avoiding the insertion of untrusted USB-C cables and devices.
Article Link: Apple's T2 Security Chip Vulnerable to Attack Via USB-C
"In the meantime, users can protect themselves from the exploit by keeping their Macs physically secure and avoiding the insertion of untrusted USB-C cables and devices."
Really helpful. Thanks. I hope Apple patches.
[automerge]1602609518[/automerge]
Right. Avoid USB-C models... so Mid 2015 MacBook Pro...
It doesn't bypass encryption, the theory is a keylogger will be used and you will simply type your password in and they could decrypt it later or perhaps get at your online accounts if you reuse your password, etc. Doesn't look like a keylogger has actually been successfully demonstrated though, or if it needs the cable plugged in at all times. Maybe if you leave your laptop around a coffee shop and they replace your cable (and probably charger) and you don't notice it they could get the keylogger put in and steal your laptop from your office or home if you're a high-value target, otherwise probably not a concern for everyone else.
Hmm... Got it. Star Trek: The Next Generation, season 2, episode 2: Where Silence has Lease.
Dr. Katherine Pulaski said:
You're essentially taking out the attack vector without fixing the source of the vulnerability, which is the T2 chip. Fix that going forward so you don't have that problem with future Macs.
However, this could lead to a recall of those affected Macs so they can be fixed. But taking out the method of which to attack doesn't fix the source of the problem.
BL.
For the amount of money I paid for my MacBook Pro, Apple better issue some kind of recall program. This is unacceptable.
It's not as if USB has never been implicated in any type of security vulnerability prior to this.