A little over two years ago, Apple launched the T2, a chip designed to improve the security of the company’s Mac computers.
Now, however, the Belgian security researcher Niels Hofmans claims to have found a serious vulnerability in the T2 chip which, in the worst case scenario, could be used by hackers to bypass passwords and encryption. If an attacker has physical access to the Mac, he can install a keylogger, change installations or install his own kernel extensions.
The process is based on the same Checkm8 exploit that makes it possible to jailbreak certain iOS devices – which isn’t as odd as it sounds, given that the T2 is based on the A10 chip found in some older iPhones and iPads.
All Intel Macs whose T2 chip is based on the old A10 chip from Apple are affected, including models from 2020. Only upcoming Macs with newer chips will (probably) no longer be susceptible to attacks.
How great is the danger?
“Be aware that this is a perfectly possible attack scenario for state actors,” says Hofmans. “I have sources that say more news is on the way in the upcoming weeks. I quote: be afraid, be very afraid.”
So yes, the flaw has the potential to cause serious problems. But it is relatively easy to protect yourself.
Physical proximity to the Mac is necessary for the attack, so Hofmans recommends that unauthorised persons not be allowed access to any T2-based Macs. If you suspect you have been affected, it would be wise to reinstall bridgeOS on your Mac using the Apple Configurator utility, and to reset the SMC.
Response from Apple
Niels Hofmans has shared his discoveries with Apple, but remains unsatisfied with the reaction: he says he reported the flaw on 18 August 2020 but even after several inquiries there has been no response so far. Hopefully the vulnerability will be cleared up eventually; until then, the recommendation is not to connect unsafe accessories or allow unauthorised persons physical access to any T2-based Macs.
This isn’t the first criticism levelled at the T2. Back in May we covered reports that the chip is a nightmare for Mac repairers.