Researcher Claims There’s an Unfixable Vulnerability in Apple’s T2 Chip

The FPS Review may receive a commission if you purchase something after clicking a link in this article.

Image: Apple

A researcher has discovered a combination of exploits that could lead to an unfixable vulnerability with Apple’s T2 security chip. Mac owners may have more to worry about than streaming Netflix in 4K now. According to researcher Niels H., the root of this comes from the T2 being based on the Apple A10 processor. The A10 is a 64-bit ARM-based SoC. That processor was known to be vulnerable to an attack called Checkm8. Got to love those clever names, right? Niels has alerted Apple to his discovery but has not heard back yet. In the meantime, he has detailed how this unique attack can happen.

How Does It Work?

He goes on to state that under normal circumstances, if the Device Firmware Update mode experiences a decryption call, it will usually stop the process. That seems like a sensible direction for a firmware update to take if things seem awry. The thing is, there’s an exploit program in the wild to override this security measure. Once these two steps are employed, and yes, physical access is key, an attacker can then inject keylogger software. Neither protected nor encrypted files, or firmware-based passwords, are safe. Once a user starts entering their credentials, all becomes accessible on a compromised device.

It gets worse. This vulnerability can also allow MDM and Find My to bypass activation locks. The researcher also claims that only a hardware fix could truly remedy this situation. The same claim was made of Checkm8. This is because the T2’s OS is hardcoded, or burned, into the ROM. There is some light at the end of this dark and gloomy tunnel. As stated before, an attacker would need access to the device to fully exploit this vulnerability. They would also need modified hardware. So, the best practice for Mac owners is to not connect unverified USB-C devices and prohibit physical access to their computers. Ultimately it’s more about common sense than anything else, and that should apply to any device with confidential information.

Peter Brosdahl
As a child of the 70’s I was part of the many who became enthralled by the video arcade invasion of the 1980’s. Saving money from various odd jobs I purchased my first computer from a friend of my dad, a used Atari 400, around 1982. Eventually it would end up being a lifelong passion of upgrading and modifying equipment that, of course, led into a career in IT support.

Recent News