The Apple T2 security chip is fatally flawed according to a blog from Niels Hoffman at Belgian cybersecurity services company ironPeak Consulting. It basis its analysis of work carried out by five Twitter researchers, twitter.com/axi0mx, twitter.com/h0m3us3r, twitter.com/aunali1, twitter.com/mcmrarm and twitter.com/su_rickmark.
The flaw affects the majority of Apple iMac, Mac minis, MacBook and MacBook Pro computers manufactured since 2018. The flaw is in the T2 security processor, which means it cannot be patched. Additionally, as the chip is soldered to the motherboard, it can’t be replaced. To see if a computer is affected, users can check About This Mac, System Report, Controller. It will show the model of the Apple security processor that is installed.
There is good news for Apple aficionados. The T2 security processor is based on the A10 processor. In the next generation of Apple computers, it is expected to move to the A12. At this point, there is no reason to believe that it is also affected. However, until devices ship and researchers can begin to test, this is not confirmed.
What is the problem with the Apple T2?
Hoffman says that the T2: “Performs a predefined set of tasks for macOS such as audio processing, handling I/O, functioning as a Hardware Security Module for e.g. Apple KeyChain or 2FA, hardware accelerating media playback, whitelisting kernel extensions, cryptographic operations and ensuring the operating system you are booting is not tampered with. The T2 chip runs its own firmware called bridgeOS, which can be updated when you install a new macOS version.”
The image below shows what the T2 controls during the boot phase.
The problem with the T2 is in the mini operating system it uses. Hoffman calls out two issues:
- The checkm8 exploit. This vulnerability allows the checkra1n exploit to attack the T2 chip. This exploit allows an attacker to get around the activation lock. It means they can reset stolen devices to be sold later. This exploit is effective against all devices up to iPhoneX.
- The blackbird vulnerability is explained in the PDF that the Pangu team presented in July at MOSEC 2020. As part of that presentation, they also demoed an attack showing how to circumvent the Secure Enclave Processor and put the device into the Device Firmware Update (DFU) mode.
What does a success attack mean?
Once the device is in DFU mode, an attacker can run unsigned code and gain full root and kernel privilege escalation privileges. It allows them to take control of the device but not, as Hoffman points out, immediately access your data if you have FileVault2 (who doesn’t?) turned on. However, they can inject a keylogger to get your password and retrieve that during a later attack.
Hoffman goes on to say that other actions include:
- The functionality of locking an Apple device remotely (e.g. via MDM or FindMy) can be bypassed (Activation Lock).
- A firmware password does not mitigate this issue since it requires keyboard access, and thus needs the T2 chip to run first.
- Any kernel extension could be whitelisted since the T2 chip decides which one to load during boot.
Of more concern to many is that this is not an exhaustive list of attacks. Hoffman goes on to say: “While this may not sound as frightening, be aware that this is a perfectly possible attack scenario for state actors. I have sources that say more news is on the way in the upcoming weeks. I quote: be afraid, be very afraid.”
How is the device attacked?
The good news is that this attack has to be done at the physical layer. An attacker needs physical access to a device to launch the attack. As Hoffman points out, however, the bad news is that they don’t necessarily need to be present when the attack occurs. “If the attack is able to alter your hardware (or sneak in a malicious USB-C cable), it would be possible to achieve a semi-tethered exploit.”
Hacker Warehouse has been selling the USB Ninja Cable for some time. The attacker can embed malware into the innocent-looking cable. Once connected to the target device, the malware is installed. The cable that Hacker Warehouse currently offers is not a USB-C, but it would take little effort to change that.
What does Apple say?
Nothing. Complete radio silence. Like other publications, Enterprise Times has emailed Apple PR looking for a response and hasn’t even received an acknowledgement of the email. This, however, is not unusual. Apple PR is notorious for not getting back to media on stories it considers will tarnish the brand.
Of greater concern is the statement from Hoffman that: “I’ve reached out to Apple concerning this issue on numerous occasions, even doing the dreaded cc firstname.lastname@example.org to get some exposure. Since I did not receive a response for weeks, I did the same to numerous news websites that cover Apple, but no response there as well.
“In hope of raising more awareness (and an official response from Apple), I am hereby disclosing almost all of the details. You could argue I’m not following responsible disclosure, but since this issue has been known since 2019, I think it’s quite clear Apple is not planning on making a public statement and quietly developing a (hopefully) patched T2 in the newer Macs & Silicon.”
Enterprise Times: What does this mean?
Many still believe that by owning and using a Mac, they are somehow immune from the constant wave of malware that bedevils Windows users. While it might once have been partially true, it is no longer the case. Apple’s success has brought about an increasing number of effective attacks against all of its devices from phones to computers.
Apple is always quick to talk about how privacy and security are at the heart of what it does. It is why it has steadfastly refused to unlock devices in criminal and terrorist investigations. It claims that its security is so absolute it cannot do so. However, vulnerability shows, it is not immune to errors that make devices vulnerable to attack.
One issue for Apple is that, as Hoffman says, it has been known about since 2019. At that point, Apple would have frozen the firmware for its devices and already be working on the next generation of motherboards. Changing a processor would have severely impacted the supply chain, and that would have had serious market implications. Even acknowledging the flaw would have had an impact on the Apple share price.
However, failing to even acknowledge Hoffman and other researchers to assure them this was being dealt, with is equally a failure. It raises questions of priorities of user security over the impact on the sales channel. Apple is unlikely, at this stage, to respond to any media over this issue. For now, Apple owners with T2 security chips need to think about where they leave their devices.