A researcher has discovered a combination of exploits that could lead to an unfixable vulnerability with Apple’s T2 security chip. Mac owners may have more to worry about than streaming Netflix in 4K now. According to researcher Niels H., the root of this comes from the T2 being based on the Apple A10 processor. The A10 is a 64-bit ARM-based SoC. That processor was known to be vulnerable to an attack called Checkm8. Got to love those clever names, right? Niels has alerted Apple to his discovery but has not heard back yet. In the meantime, he has detailed how this unique attack can happen.
How Does It Work?
He goes on to state that under normal circumstances, if the Device Firmware Update mode experiences a decryption call, it will usually stop the process. That seems like a sensible direction for a firmware update to take if things seem awry. The thing is, there’s an exploit program in the wild to override this security measure. Once these two steps are employed, and yes, physical access is key, an attacker can then inject keylogger software. Neither protected nor encrypted files, or firmware-based passwords, are safe. Once a user starts entering their credentials, all becomes accessible on a compromised device.
It gets worse. This vulnerability can also allow MDM and Find My to bypass activation locks. The researcher also claims that only a hardware fix could truly remedy this situation. The same claim was made of Checkm8. This is because the T2’s OS is hardcoded, or burned, into the ROM. There is some light at the end of this dark and gloomy tunnel. As stated before, an attacker would need access to the device to fully exploit this vulnerability. They would also need modified hardware. So, the best practice for Mac owners is to not connect unverified USB-C devices and prohibit physical access to their computers. Ultimately it’s more about common sense than anything else, and that should apply to any device with confidential information.