A new tool lets people exploit an unusual Mac vulnerability that bypasses Apple’s trusted T2 security chip to gain access to deep system functions. The same flaw has been used by researchers over the years to jailbreak older iPhone models. The T2 chip is vulnerable in the same way, and that exposure creates several potential threats. The worst part is that the flaw is unfixable in every Mac that has the T2 chip inside: even if Apple can make life harder for would-be attackers, the underlying flaw cannot be patched.
Apple’s T2 Security Chip
The T2 chip was launched in 2017. According to Apple, the chip is a trusted mechanism for securing encrypted data storage and features like Touch ID and Activation Lock. However, the chip also contains a vulnerability. Named Checkm8, it is the same vulnerability jailbreakers exploit in Apple’s A5 through A11 mobile chipsets. On Macs, the jailbreak lets researchers dig into the T2 chip and explore its security features. They can also run Linux on the T2 chip or play Doom on a MacBook Pro’s Touch Bar.
Malicious hackers could also use the jailbreak for more serious ends, such as disabling the macOS security features System Integrity Protection and Secure Boot, or installing malware. It could also be used to acquire FileVault encryption keys and decrypt user data. The vulnerability cannot be patched, because the flaw lies in low-level, unchangeable code for the hardware features.
“The T2 chip is like a small black box in Mac devices: a computer embedded inside the computer that handles things like Lost Mode enforcement, integrity, and other features of the computer. This chip was initially meant to be harder to break into or compromise, though now that lid has been blasted,” stated Will Strafach, a longtime iOS researcher and creator of the Guardian Firewall app for iOS.
Vulnerability in Apple’s T2 Chip
Many researchers have stated that they view the jailbreak as a necessary tool for transparency into the T2. “T2 is a unique chip and differs from iPhones. So, having open access is useful to understand the chip and its functionality at a deeper level. The chip was a complete black box earlier, but now, after this vulnerability, we can look into it and figure out its functionality in terms of security research.”
The researchers also stated that while the vulnerable T2 chip debuted in 2017 in all premium iMacs, it only recently rolled out across the entire Mac line. Older Macs that have the T1 chip are unaffected. The finding, though significant for research, undermines a major security feature of newer Macs.
T2 Chip Has Unpatchable Security Flaw
For organizations that manage their devices with Apple’s Activation Lock and Find My features, the jailbreak can be quite problematic, both in terms of device theft and of other major insider threats. It can also be a valuable jumping-off point for attackers, offering a shortcut to developing potentially powerful attacks on these devices.
This means malware could run while leaving no trace on the hard drive, making it hard for victims to track down. That is a harder problem than is usually perceived. Using a special, trusted chip to secure related processes is meant to avoid exactly this; beyond Apple’s T2 chip, companies such as Intel, Cisco and Samsung have tried the same approach and have also seen their secure enclaves defeated.
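Because the flaw cannot be patched, the practical response for an organization is to know which Macs carry a T2 chip and to confirm that the protections the article names (System Integrity Protection, Secure Boot, FileVault) are still enabled on them. The following script is an added example written for this article, not a tool from Apple or from the researchers quoted. It parses the output of two real macOS commands, `system_profiler SPiBridgeDataType` (which reports "Controller: Apple T2 Security Chip" on T2 Macs) and `csrutil status` (which reports whether SIP is enabled, disabled, or in a custom configuration), and assigns a triage severity. The sample command outputs and host names are constructed, and the severity scheme is the author's own assumption, not an Apple classification.

```python
import re
from typing import Dict, List

# Constructed sample outputs, shaped like the real `system_profiler SPiBridgeDataType`
# and `csrutil status` commands. These were not captured from real hosts.
SAMPLE_HOSTS: Dict[str, Dict[str, str]] = {
    "mbp-finance-01": {  # T2 Mac with SIP fully enabled
        "ibridge": "Controller Information:\n\n    Controller: Apple T2 Security Chip\n",
        "csrutil": "System Integrity Protection status: enabled.\n",
    },
    "mbp-eng-07": {  # T2 Mac where someone disabled SIP
        "ibridge": "Controller Information:\n\n    Controller: Apple T2 Security Chip\n",
        "csrutil": "System Integrity Protection status: disabled.\n",
    },
    "mbp-eng-12": {  # T2 Mac with a partially relaxed (custom) SIP configuration
        "ibridge": "Controller Information:\n\n    Controller: Apple T2 Security Chip\n",
        "csrutil": (
            "System Integrity Protection status: unknown (Custom Configuration).\n\n"
            "Configuration:\n\tApple Internal: disabled\n\tKext Signing: disabled\n"
            "\tFilesystem Protections: enabled\n"
        ),
    },
    "imac-reception": {  # older Mac without a T2 controller (no iBridge data reported)
        "ibridge": "",
        "csrutil": "System Integrity Protection status: enabled.\n",
    },
}


def has_t2_chip(ibridge_output: str) -> bool:
    """True when the iBridge report names the Apple T2 Security Chip controller."""
    return re.search(r"Controller:\s*Apple T2 Security Chip", ibridge_output) is not None


def sip_state(csrutil_output: str) -> str:
    """Normalize `csrutil status` to 'enabled', 'disabled', 'custom' or 'unknown'.

    The real tool prints 'unknown (Custom Configuration).' when individual SIP
    protections have been toggled; anything that is not a clean enabled/disabled
    is treated as 'custom' so it gets reviewed rather than silently accepted.
    """
    match = re.search(r"System Integrity Protection status:\s*(\w+)", csrutil_output)
    if match is None:
        return "unknown"
    state = match.group(1).lower()
    return state if state in ("enabled", "disabled") else "custom"


def assess_host(ibridge_output: str, csrutil_output: str) -> Dict[str, object]:
    """Combine chip presence and SIP state into findings and an assumed severity.

    Severity scheme (author's assumption):
      high   - T2 present and SIP not fully enabled (unpatchable chip plus weakened OS)
      medium - T2 present, or SIP weakened on a non-T2 Mac
      low    - no T2 controller and SIP enabled
    """
    t2 = has_t2_chip(ibridge_output)
    sip = sip_state(csrutil_output)
    findings: List[str] = []
    if t2:
        findings.append(
            "T2 chip present: checkm8-class flaw is unpatchable; treat physical access "
            "as a potential compromise and keep FileVault enabled"
        )
    if sip != "enabled":
        findings.append(f"System Integrity Protection is {sip}: investigate who changed it and why")
    if t2 and sip != "enabled":
        severity = "high"
    elif t2 or sip != "enabled":
        severity = "medium"
    else:
        severity = "low"
    return {"t2": t2, "sip": sip, "severity": severity, "findings": findings}


def assess_fleet(hosts: Dict[str, Dict[str, str]]) -> Dict[str, Dict[str, object]]:
    """Run assess_host over an inventory keyed by host name."""
    return {name: assess_host(data["ibridge"], data["csrutil"]) for name, data in hosts.items()}


if __name__ == "__main__":
    for host, result in assess_fleet(SAMPLE_HOSTS).items():
        print(f"{host}: severity={result['severity']} t2={result['t2']} sip={result['sip']}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

On a real fleet the two command outputs would be collected by an MDM or inventory agent and fed to `assess_fleet`; the point of the "custom" bucket is that a partially relaxed SIP configuration is easy to miss when a report only checks for the literal word "disabled".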