Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

Apple's T2 Security Chip Vulnerable to Attack Via USB-C

chocolaterabbit

macrumors regular
Nov 2, 2008
214
25
Instead of assuming that the entire world revolves around you, maybe calm down and realize that I have different requirements than you do. Good for YOU that it doesn’t affect YOU, but now I have a compliance issue on my hands.
Yes you’re right, i really should calm down and understand the world doesn’t revolve around me, I shouldn’t make apple recall every t2 mac just because I have a compliance issue with work that I failed to mention in my OP. Macs are popular and I’m sure they’ll figure something out.

Hold on a minute...
 

HiVolt

macrumors 6502a
Sep 29, 2008
741
2,693
Toronto, Canada
What repairs other than keyboard/screen? Everything else is soldered into the logic board. Most shops do not have the capability of replacing soldered SSD flash chip.

Another thing is that previously a stolen password protected macbook would be useless and couldn't be used by another party without replacing logic board if there was a boot password. Now that's easily by-passable.

The Mac Pro & iMac Pro have socketed SSD's. Those can't be replaced or upgraded without authorized service because of the T2 chip.
 

DanTheMan827

macrumors regular
May 9, 2012
100
99
Back in the early days of the apple store, people would connect their iPods to apple store computers in order to make copies of the software on the demo machines.
People also thought it was amusing to go to jailbreakme on all the iOS devices.
 

DanTheMan827

macrumors regular
May 9, 2012
100
99
Apple should release devices without USB. That appears to be the real issue.
You're being sarcastic, right?

The problem is that by Apple insisting on including a chip to prevent people from repairing the computer or doing any form of upgrade, they inadvertently introduced an unpatchable security flaw.
 

DanTheMan827

macrumors regular
May 9, 2012
100
99
How did it make the system weaker? This kind of exploit is much easier to achieve on computers without T2, where you dont even need physical access. You can not access data still, the only thing you can do is install a keylogger, to look for the password. If you enter the password via Touch ID, the logger is useless. Once the hacker figured out what is the password they will need physical access to the Mac again. I think it is, still pretty secure.
What's saying that this payload can't be used to install software onto the macOS partition of the SSD?

If that's possible, a company could manufacture cheap chargers or cables that automatically infect any computer they're plugged in to with a rootkit put into the OS itself
 

patent10021

macrumors 68040
Apr 23, 2004
3,112
492
Until ML/AI is used to design the chips, humans will be able to crack it. By that time, AI will be used to crack AI. This exploit would've been discovered a lot sooner had any of these security researchers been able to use their domain knowledge with ML models. For example using a corpus of all known exploits and patches with supervised learning. How many of these security researchers do you think are building ML/DL models? Globally, I bet you can count them on three fingers.
 

rehash

macrumors newbie
Oct 20, 2020
2
0
the thing is this vulnerability became public. so now every mac 2018+ user's private data have public access. which is a kinda unacceptable.

the only thing could be helpful here is to remember current os state before leaving workspace. if your mac will be hacked it should be rebooted first.
 

patent10021

macrumors 68040
Apr 23, 2004
3,112
492
the thing is this vulnerability became public. so now every mac 2018+ user's private data have public access. which is a kinda unacceptable.

the only thing could be helpful here is to remember current os state before leaving workspace. if your mac will be hacked it should be rebooted first.
This is false. Physical access is needed. So basically, you need to be a valuable asset like a president of a country or CEO of a major corporation and your computer has to be stolen and access gained. No one is going to spend their time trying to hack into Karen's Rose Macbook Air to spread her photos all over the dark web. Could be bad for corporate espionage.
 

rehash

macrumors newbie
Oct 20, 2020
2
0
This is false. Physical access is needed. So basically, you need to be a valuable asset like a president of a country or CEO of a major corporation and your computer has to be stolen and access gained. No one is going to spend their time trying to hack into Karen's Rose Macbook Air to spread her photos all over the dark web. Could be bad for corporate espionage.

physical access is not a problem. if people you live with, work with or even a housekeeper can easily gain it, everyone can.
 

patent10021

macrumors 68040
Apr 23, 2004
3,112
492
Yeah, that housekeeper ..... If your housekeeper would be the kind of person to do that and also has those technical skills, I'd be more concerned about other things.
 

PBG4 Dude

macrumors 68040
Jul 6, 2007
3,131
2,498
Yeah, that housekeeper ..... If your housekeeper would be the kind of person to do that and also has those technical skills, I'd be more concerned about other things.
LOL, that’s right out of a Bond / Mission Impossible film.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.