Thank you for buying via links and ads on this site,
which earn me advertising fees or commissions.
As an Amazon Associate I earn from qualifying purchases.

Apple T2 Chip: Unfixable Security Flaw that Gives Attacker Full Control

If you have a castle with nuclear proof walls and a mile-deep moat... well, just fly a helicopter in, or wait till someone there does a DoorDash.

Or... let sloppy engineering do the work for you, as in this case—it’s a brain-dead screwup by Apple.

The vaunted Apple T2 chip, on Macs that pair an Intel processor with the T2, apparently can be rooted with a relatively straightforward attack, child’s play for a state actor, and maybe for any good hacker. All you have to do is to get someone to plug in a USB-C cable or flash drive or whatever.

Crouching T2, Hidden Danger

Let’s talk about that thing nobody’s talking about. Let’s talk about a vulnerability that’s completely exposing your macOS devices while most are declining to act on or report about the matter. Oh, and did I mention it’s unpatchable?

...

Intel vs Silicon

This blog post only applies to macOS systems with an Intel processor and the embedded T2 security chip. Apple silicon systems will run completely on a set of Apple-designed ARM processors and thus will use a different topology based on e.g. the A12 chip. Since the A12 chip seems to have fixed this issue (to be confirmed), it’s highly likely the new Apple Silicon machines will not be vulnerable. And while the new upcoming Intel Macs at the end of year will probably receive a new hardware revision of the T2 chip (e.g. based on the A12), we are still stuck with this vulnerability on Macs between 2018 and 2020.

...

Debugging vulnerability

Apple left a debugging interface open in the T2 security chip shipping to customers, allowing anyone to enter Device Firmware Update (DFU) mode without authentication... Using this method, it is possible to create a USB-C cable that can automatically exploit your macOS device on boot(!)

...

Once you have access on the T2, you have full root access and kernel execution privileges since the kernel is rewritten before execution. Good news is that if you are using FileVault2 as disk encryption, they do not have access to your data on disk immediately. They can however inject a keylogger in the T2 firmware since it manages keyboard access, storing your password for retrieval or transmitting it in the case of a malicious hardware attachment.

•  The functionality of locking an Apple device remotely (e.g. via MDM or FindMy) can be bypassed (Activation Lock).

•  A firmware password does not mitigate this issue since it requires keyboard access, and thus needs the T2 chip to run first.

•  Any kernel extension could be whitelisted since the T2 chip decides which one to load during boot.

•  If the attacker is able to alter your hardware (or sneak in a malicious USB-C cable), it would be possible to achieve a semi-tethered exploit.

While this may not sound as frightening, be aware that this is a perfectly possible attack scenario for state actors. I have sources that say more news is on the way in the upcoming weeks. I quote: be afraid, be very afraid.

I’ve reached out to Apple concerning this issue on numerous occasions, even doing the dreaded cc tcook@apple.com to get some exposure. Since I did not receive a response for weeks, I did the same to numerous news websites that cover Apple, but no response there as well. In hope of raising more awareness (and an official response from Apple), I am hereby disclosing almost all of the details. You could argue I’m not following responsible disclosure, but since this issue has been known since 2019, I think it’s quite clear Apple is not planning on making a public statement and is quietly developing a (hopefully) patched T2 in the newer Macs & Silicon.

...

MPG: why is Apple not commenting or responding?
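
An inventory check for the scope stated in the quoted post (an Intel processor plus the embedded T2 chip), as an added example that is not from the original post or from Apple. The function names, the `hostname|cpu|iBridge model` inventory format and the sample hosts are assumptions constructed for illustration; the inputs it expects are the output of the macOS commands `sysctl -n machdep.cpu.brand_string` and `system_profiler SPiBridgeDataType`.

```shell
#!/bin/sh
# Added example: decide whether a Mac falls inside the scope the post
# describes (Intel processor AND embedded T2 chip).

# classify_mac CPU_BRAND IBRIDGE_TEXT
#   CPU_BRAND:    output of `sysctl -n machdep.cpu.brand_string`
#   IBRIDGE_TEXT: output of `system_profiler SPiBridgeDataType`
classify_mac() {
    cpu=$1
    ibridge=$2
    case $cpu in
        *Intel*) ;;
        *) echo "out-of-scope: not an Intel Mac"; return 0 ;;
    esac
    if printf '%s\n' "$ibridge" | grep -q 'Apple T2'; then
        echo "in-scope: Intel Mac with T2"
    else
        echo "out-of-scope: Intel Mac without T2"
    fi
}

# triage_fleet: reads "hostname|cpu brand|iBridge model" lines on stdin
# (hypothetical export format) and prints only the in-scope hostnames.
triage_fleet() {
    while IFS='|' read -r host cpu model; do
        [ -n "$host" ] || continue
        case $(classify_mac "$cpu" "$model") in
            in-scope*) echo "$host" ;;
        esac
    done
}

# Constructed sample inventory (not real hosts).
SAMPLE_FLEET='mini-2018|Intel(R) Core(TM) i7-8700B CPU @ 3.20GHz|Apple T2 Security Chip
imac-2017|Intel(R) Core(TM) i5-7600 CPU @ 3.50GHz|
mbp-m1|Apple M1|'

# On a Mac, classify the local machine using the real commands.
if [ "$(uname -s)" = "Darwin" ]; then
    classify_mac "$(sysctl -n machdep.cpu.brand_string)" \
                 "$(system_profiler SPiBridgeDataType 2>/dev/null)"
fi
```

"Out of scope" here means only that the machine is outside what the post covers; the post itself marks the A12 fix as "to be confirmed".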



Copyright © 2020 diglloyd Inc, all rights reserved.