For the amount of money I paid for my MacBook Pro, Apple better issue some kind of recall program. This is unacceptable.

Agreed. I was finally going to pull the trigger earlier this year to replace my mid-2011 MBA. I decided to wait because of what they announced, especially with Apple Silicon. I'm glad I waited.

However, my wife couldn't wait, as her 2012 MacBook died, and she needed a replacement. She pulled the trigger on the 16" MBP. With her health issues, she doesn't want to risk that being hacked.

BL.
 
It's not as if USB has never been implicated in any type of security vulnerability prior to this.

True, but you're basically suggesting to use a bandaid to repair an ACL tear due to shrapnel piercing the leg. You're taking care of the exterior, top-level wound, while ignoring the internal injury.

BL.
 
Agreed. I was finally going to pull the trigger earlier this year to replace my mid-2011 MBA. I decided to wait because of what they announced, especially with Apple Silicon. I'm glad I waited.

However, my wife couldn't wait, as her 2012 MacBook died, and she needed a replacement. She pulled the trigger on the 16" MBP. With her health issues, she doesn't want to risk that being hacked.

BL.
Not to mention, nobody needs any additional stress right now.

In my case, I actually depend on the T2 chip for security compliance. I’m not entirely sure what my next steps are. I’m really hoping Apple makes a statement, and a positive one, at that.
 
True, but you're basically suggesting to use a bandaid to repair an ACL tear due to shrapnel piercing the leg. You're taking care of the exterior, top-level wound, while ignoring the internal injury.

BL.
As someone else said, this is an industry wide issue. However, without the USB port, the attack vector would be what?
 
I do work for a company that takes security very seriously and also manages government accounts.

Why do you have to shoehorn another manufacturer? To deflect? I don't care about intel, I care about my MBP 16" workstation.
Then you should throw away your iPhone as well. There is an Israeli security company that buys security exploits from "hackers" and then in turn sells them for millions of dollars to governments so they can presumably spy on foreign governments and likely other things.

Wanna know what happened? They stopped buying new exploits because they said they already have more than enough. AKA, iOS and iPadOS alone are riddled with security exploits that Apple doesn't know about and can't patch meanwhile bad actors are exploiting them. Business is more than good in this sector right now.

My point is, every piece of security is flawed. It's using a ringed approach that has multiple layers that is the best course of action. A fence is easy to climb over but it slows down the burglar. The front door lock can be picked but it again slows down the burglar.
 
I do work for a company that takes security very seriously and also manages government accounts.

Why do you have to shoehorn another manufacturer? To deflect? I don't care about intel, I care about my MBP 16" workstation.

The point was that intel had a couple of famous hardware issues in the past, and no recalls happened. To be fair, they aren't the only ones.

Engineers who had depended on intel powered computers didn't get replacements. It seems unlikely that we will. I might also point out that there IS an intel chip in all MBP 16" models.
 
I'm most worried about laptop theft where a once unusable and remotely erasable device can now be fully and easily accessed. Perhaps a separate password for the ports?
 
Kinda makes the remote work concept difficult to achieve for many people.

If you mean remote control of an unattended machine, that already needs to be in a secured location.
For the amount of money I paid for my MacBook Pro, Apple better issue some kind of recall program. This is unacceptable.

Never happen.
 
Then you should throw away your iPhone as well. There is an Israeli security company that buys security exploits from "hackers" and then in turn sells them for millions of dollars to governments so they can presumably spy on foreign governments and likely other things.

Wanna know what happened? They stopped buying new exploits because they said they already have more than enough. AKA, iOS and iPadOS alone are riddled with security exploits that Apple doesn't know about and can't patch meanwhile bad actors are exploiting them. Business is more than good in this sector right now.

My point is, every piece of security is flawed. It's using a ringed approach that has multiple layers that is the best course of action. A fence is easy to climb over but it slows down the burglar. The front door lock can be picked but it again slows down the burglar.

Yup, it's all about the threat model. This isn't remotely exploitable, and doesn't expose FileVault. It gives access to a running machine (which a number of other vulnerabilities do as well).

I wonder how many of the people up in arms about this still use an 8 character password to unlock it (or touchid).
 
This attack is not using "special debug pins within a USB-C port". It is using the same pins that are also used in daily use.
 
And what are we gonna do until then? If this is an unfixable, unpatchable possible exploit, isn't it grounds for a mass product recall?

Automobile locks can be easily picked. House lock with tumbler lock mechanism can be picked. These cannot be patched. As consumers, we recognize that these provided basic protection but not breach proof security.

It is what it is with T2. Don't expect iPhone to be a Swiss vault. Don't store national security, your financial info, proprietary business information, and etc.

No different than Intel TB/Zero Day/Meltdown/Spectre vulnerability.

I won't be storing any financial information other than simple credit card on iPhone.
 
The funny thing is that this is not the first time a rogue external accessory has been a threat vector, and the T2’s unpatchable firmware is because of similar attack vectors (including one a few years ago that targeted Thunderbolt and rewrote device firmware). (And unpatchable exploits delivered via USB-C is not just an Apple thing, first revision Nintendo Switch consoles shipped with an unpatchable bug in their Tegra chip set that enabled piracy.)

In general, this isn’t terribly exploitable, especially since it can’t decrypt FileVault 2. You’d have to have a malicious USB-C device capable of holding your malicious payload and still function as a normal USB-C cable/accessory (probably accessory, since you’d need some physical space for the chip holding your payload, and you’d want it to not be suspicious). As an everyday user, unless you’re leaving your laptop around the coffee shop unattended or are buying dodgy USB-C accessories from Amazon or Wish, there’s no wish. It would be most viable as a targeted attack against specific individuals, which would require separating the machine from the user. You could do it at an airport or border crossing, swap out some dissident’s cable for the exploit. But if they were at all security conscious, they’d likely not trust the cable/accessory. Really, this exploit isn’t really exploitable outside of a targeted espionage campaign.
 
As if. Intel didn't recall all their CPUs when the vulnerabilities were found, did they?

I have a Mac mini 2018 with the T2 chip. I am not worried. However, my overall concern is that Apple's continued drive for these custom co-processors may ultimately come back to harm them. This is a relatively low-risk vulnerability - physical access is required, and even then additional physical access attempts need to be made to actually execute on things like file decryption.

My point is that at some point, all these additional ROM-style security measures may eventually reach a point where a major vulnerability (like remote code execution) occurs. If the chip can't be patched, there is no solution. And the T-series chips do the drive encryption - as we've seen w/ other systems, if the motherboard fails so does the SSD because there isn't a recovery method. So you could theoretically reach a point where you have systems seriously vulnerable that cannot be repaired w/o requiring a massive, time-consuming repair and data backup/recovery process.

I appreciate Apple's efforts - but damn, they really can pigeonhole themselves on certain issues (on top of adding inconvenience to some users).
I just hope they don’t circumvent the use of the chip for the sake of security vs performance trade-off (like it happened with the x86 vulnerability hack where some performance was lost if I recall correctly to make it safer against said exploit?). Or at least lets us choose.
The T2 chip does a lot more than just encrypting/decrypting. It is my understanding that besides that it also handles many things like all the audio signal processing, image processing and video encoding/decoding, the always on Hey Siri, etc... for sure all 2020 iMacs would chug a little more if all of that would get to be offloaded back to the CPU.
 
So the T2 chip that is supposed to make the system safer has actually made it weaker? :D
How did it make the system weaker? This kind of exploit is much easier to achieve on computers without T2, where you don't even need physical access. You can not access data still, the only thing you can do is install a keylogger, to look for the password. If you enter the password via Touch ID, the logger is useless. Once the hacker figured out what is the password they will need physical access to the Mac again. I think it is still pretty secure.
 
So the T2 chip that is supposed to make the system safer has actually made it weaker? :D
The Mac follows the iPhone design, same components, higher income. The T2 also includes the storage controller for the flash chips/ssd (same as iPhone) additionally the users are blocked from upgrading their systems easily (by just swapping an M2 SSD). It also gives Apple total control over your Mac - it doesn't give you total control, cause you don't control the T2.
And yes the T2 weakens the security just because it is silicon and cannot be upgraded or fixed. But there is no bug free software in the world (maybe TeX) - so it is always a matter of time until something gets hacked.
 
Then.. don't reply to something you don't understand?

Nothing about my reply was incorrect. I understood enough to know that Apple Silicon Macs will not have T2 (or T3 chips).

Why you then decided to try to have a discussion about something else I do not know. Perhaps because you want an argument? I'm not interested.
 
Agreed. I was finally going to pull the trigger earlier this year to replace my mid-2011 MBA. I decided to wait because of what they announced, especially with Apple Silicon. I'm glad I waited.

However, my wife couldn't wait, as her 2012 MacBook died, and she needed a replacement. She pulled the trigger on the 16" MBP. With her health issues, she doesn't want to risk that being hacked.

BL.

Any T2 mac is still orders of magnitude more secure than your MBA or Macbook. In fact, the longer you wait to upgrade the more likely you will be hacked.
 
For the amount of money I paid for my MacBook Pro, Apple better issue some kind of recall program. This is unacceptable.
Instead of panicking maybe calm down and read what the hack actually is. You need this brick to physically connect to your computer. It can't decrypt your files. It can't get your passwords unless you type them. It can't enter your fingerprint into touchid for you. It goes away after rebooting. Basically, it's less secure than before but it's still a lot more secure than pre T2 macs.
 
Any T2 mac is still orders of magnitude more secure than your MBA or Macbook. In fact, the longer you wait to upgrade the more likely you will be hacked.

Again, I agree. What I'm waiting on is Apple Silicon, so I can get a solid compare between that and the last remaining Intel CPUs they'll be using. Silicon will help me to future-proof, so I would rather wait until that is out than pull the trigger on something now that has an unfixable hardware vulnerability, and have to upgrade again 2 years later, especially since my MBA has lasted me 9 years (longer than any PC or linux box I have ever built).

I don't travel with it much (thanks to COVID, that much is even less now), so it sits on my desk, without any plans to take it anywhere. I can wait the next 3-4 months.

BL.
 
Instead of panicking maybe calm down and read what the hack actually is. You need this brick to physically connect to your computer. It can't decrypt your files. It can't get your passwords unless you type them. It can't enter your fingerprint into touchid for you. It goes away after rebooting. Basically, it's less secure than before but it's still a lot more secure than pre T2 macs.
Instead of assuming that the entire world revolves around you, maybe calm down and realize that I have different requirements than you do. Good for YOU that it doesn’t affect YOU, but now I have a compliance issue on my hands.
 