Apple’s T2 security chip, found in iPhones and Macs, has an unfixable security flaw

Apple, just lately, has been all about security, and privacy, and encryption, and more security. But the company’s handsets have had a flaw for some time — a flaw that has now made the jump to Apple’s Mac lineup, putting those machines at risk at a hardware level. The issue? Apple’s T2 security chip. And the bigger problem? It can’t be fixed.

It’s quite a job, security

Apple’s been using the T2 security chip, which secures everything from stored data encryption, Touch ID and Apple’s Activation Lock (which works with the ‘Find My Device’ feature Apple’s devices er… feature), in its iPhones for ages. But the chip has also been instrumental in jailbreaking iPhones, thanks to a vulnerability called Checkm8, developed by a group known as Checkra1n. And now, that same group has released the same exploit for Apple’s Mac range, which recently saw the introduction of the T2 chip beyond just the iMac.

The jailbreak could be used for fairly innocent purposes — to scrutinise Apple’s T2 chip, for example, or to run Doom on the Mac Pro’s touchbar. It could also be used to disable Apple security features, or to access the company’s FileVault encryption keys, by more malicious actors.

T2, take two

One of the Checkra1n researchers, speaking to Wired, said “It’s a unique chip, and it has differences from iPhones, so having open access is useful to understand it at a deeper level. It was a complete black box before, and we are now able to look into it and figure out how it works for security research.”

But, while the T2 vulnerability cannot be fixed (Wired reports that “The vulnerability is unpatchable, because the flaw is in low-level, unchangeable code for hardware”), it’s not really the end of the world. In order to implement Checkm8 on a Mac, someone would need access to the physical machine. Then, the Checkm8 tool needs to run on a different machine connected to the target over USB. Finally, the jailbreak isn’t permanent — it only lasts until Apple’s T2 chip is rebooted — which it doesn’t do every time the machine its installed on does. So a reboot won’t fix your issues.

In addition, if a Mac is compromised, user data isn’t immediately open to everyone who wants it. Instead, the exploit can be used to install a keylogger or other malicious software, which isn’t immediately awful. You’ve still got a chance of detecting it — there are more hectic exploits out there. But this one is built-in to Apple hardware carrying the T2 chip, and has the potential to have more aggressive exploits developed around it — and that’s something you need to be aware of.

Source: Wired