Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Apple IT Technology

Apple's T2 Security Chip Has an Unfixable Flaw (wired.com) 81

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for more than a year to jailbreak older models of iPhones. But the fact that the T2 chip is vulnerable in the same way creates a new host of potential threats. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside. From a report: In general, the jailbreak community haven't paid as much attention to macOS and OS X as it has iOS, because they don't have the same restrictions and walled gardens that are built into Apple's mobile ecosystem. But the T2 chip, launched in 2017, created some limitations and mysteries. Apple added the chip as a trusted mechanism for securing high-value features like encrypted data storage, Touch ID, and Activation Lock, which works with Apple's "Find My" services. But the T2 also contains a vulnerability, known as Checkm8, that jailbreakers have already been exploiting in Apple's A5 through A11 (2011 to 2017) mobile chipsets. Now Checkra1n, the same group that developed the tool for iOS, has released support for T2 bypass.

On Macs, the jailbreak allows researchers to probe the T2 chip and explore its security features. It can even be used to run Linux on the T2 or play Doom on a MacBook Pro's Touch Bar. The jailbreak could also be weaponized by malicious hackers, though, to disable macOS security features like System Integrity Protection and Secure Boot and install malware. Combined with another T2 vulnerability that was publicly disclosed in July by the Chinese security research and jailbreaking group Pangu Team, the jailbreak could also potentially be used to obtain FileVault encryption keys and to decrypt user data. The vulnerability is unpatchable, because the flaw is in low-level, unchangeable code for hardware. "The T2 is meant to be this little secure black box in Macs -- a computer inside your computer, handling things like Lost Mode enforcement, integrity checking, and other privileged duties," says Will Strafach, a longtime iOS researcher and creator of the Guardian Firewall app for iOS. "So the significance is that this chip was supposed to be harder to compromise -- but now it's been done."

This discussion has been archived. No new comments can be posted.

Apple's T2 Security Chip Has an Unfixable Flaw

Comments Filter:
  • what about an hack to use non apple storage cards? on the T2 systems with apple storage slots?

    • Exactly.
      THIS IS VERY GOOD NEWS.
      You can now run Linux on the T2 Macs, like you could with pre-2018 MacBooks. Without the T2 "integrity" these are no worse than previous Apple generation hardware.

    • by d3vi1 ( 710592 )

      That is one of the most interesting usage scenarios. While a complex operation, you can upgrade the RAM on a MacBook by changing the BGA RAM chips and moving the RAMCFG resistors to a new configuration, but the on-board SSD is not upgradable since the controller can encrypts the NAND, including some of the vital information. Being able to swap the NAND to larger chips and reinitializing it in the T2 would open up some possibilities.

  • by 93 Escort Wagon ( 326346 ) on Monday October 12, 2020 @02:05PM (#60600052)

    We've heard this song before, just the orchestra has changed (again).

    Now, just think about what it would mean if - instead of a vendor's security chip - we were talking about a flaw in a government-mandated back door into all our encrypted communications [slashdot.org]. Because Apple, Intel, HP, and others will be the ones the government asks to provide that mechanism (we know that because the request has already been made).

    • HP? Who cares about them? Otherwise, you're probably on to something here.

      • I listed HP because they have also had issues with an exploitable security flaw in a low-level management system. I could also have included Dell and others.

        • Honest question: does HP even provide low-level management systems anymore that are proprietary? Or have they fully moved into selling someone else's hardware with a rebrand? I ask because, as I said before . . . who really cares about HP?

          Intel and AMD have created their own monstrosities - especially Intel.

    • It's not a flaw. It's a "Fuck Rossmann Repair Group!" feature.
      • by sjames ( 1099 )

        Actually, on the positive side, Rossmann and others will likely be able to use this feature to help people recover irreplaceable photos and other documents that the 'Geniuses' said were gone forever.

        It may also be usable to get various fruity hardware to accept functionally equivalent 3rd party replacement parts that Apple has not blessed with it's holy seal.

        Ideally, the security would have been designed with the good of the user in mind such that those things would have been possible anyway and with a fun

    • by gtall ( 79522 ) on Monday October 12, 2020 @03:34PM (#60600366)

      It isn't just the U.S. government that would request use of those back doors, so will Russia, China, Iran, etc., the usual cast of hobgobblins on the international stage. Except they won't ask, they'll just use it.

      • So just like in 1966, people won't be able to act with impunity. Be careful where you store things that might incriminate you

    • Pretty sure this is the government mandated back door.
    • Thoughtful design, with physical jumpers, would solve this. However user control, and the possibility of escape from walled gardens meant hard-crippling got the management nod. With scanning tunneling microscopes, very fine xrays, and laser drilling test points means clever people can discover weaknesses rather easily. Let us return to jumpers, so the owner can control everything.
  • Unfixable - hahaha (Score:1, Informative)

    by BitZtream ( 692029 )

    There are a few important limitations of the jailbreak, though, that keep this from being a full-blown security crisis. The first is that an attacker would need physical access to target devices in order to exploit them. The tool can only run off of another device over USB. This means hackers can't remotely mass-infect every Mac that has a T2 chip. An attacker could jailbreak a target device and then disappear, but the compromise isn't "persistent"; it ends when the T2 chip is rebooted.

    So first and foremost - it requires physical access - that makes it unlikely to be exploited to about 99.999% effectiveness.

    There is also no actual indication of why it can't be fixed in firmware - just like the last unfixable thunderbolt exploit they fixed. Even CPUs have firmware updates that can be used to mitigate these sort of 'unfixable' issues - Apple is building custom silicon and you don't think they've thought of how they could fix hardware after distribution for this problem? Really?

    • So first and foremost - it requires physical access

      A malicious USB device is enough. Social engineering may be enough to get someone to insert a USB dongle.

      • So first and foremost - it requires physical access
        A malicious USB device is enough. Social engineering may be enough to get someone to insert a USB dongle

        But it isnâ(TM)t persistent, nor can it be used to unlock encrypted files, nor can it be used to install a persistent hack; so, if you are concerned about an evil maid, or coworker, simply reboot when you come back from lunch or whatever, or just shut down before you leave. With an SSD equipped Mac, a Cold Boot only takes about 10 seconds, and MacOS can even Restore everything to the pre-shutdown state.

        Not perfect; but it will certainly do.

        • Classic apple troll. Blame the user for apples ineptitude
        • I hope you understand a persistent t2 exploit isn't necessary. You gain temporary control over (effectively) a hypervisor, you can write anything you want to the file system, RAM, etc. Drop an infection in the system, and boom. With any luck, they'll use it to flash a component's firmware to persist somehow (faking a usb bus to simulate a usb drive used in the exploit)
          • I hope you understand a persistent t2 exploit isn't necessary.

            You gain temporary control over (effectively) a hypervisor, you can write anything you want to the file system, RAM, etc. Drop an infection in the system, and boom.

            With any luck, they'll use it to flash a component's firmware to persist somehow (faking a usb bus to simulate a usb drive used in the exploit)

            You must have missed the 2 salient points:

            1. It cannot access encrypted files.

            2. It cannot be used to Install a persistent Hack.

            So, it really does seem like a fairly unhelpful vulnerability.

      • The exploit doesn't need to work remotely for it to be a problem. If the government want to silence media / bloggers / etc who have done real investigation into a politician's wrongdoings, the government can use its warrant powers or search and seizure laws to break privacy provisions. Thats the big deal here!
      • True, but the real nightmare scenario is combining a T2 exploit with a network vulnerability to mass-hijack systems or exfiltrate data. Can't do that if every device affected must have a bespoke USB device plugged in after every reboot.

    • There are a few important limitations of the jailbreak, though, that keep this from being a full-blown security crisis. The first is that an attacker would need physical access to target devices in order to exploit them. The tool can only run off of another device over USB. This means hackers can't remotely mass-infect every Mac that has a T2 chip. An attacker could jailbreak a target device and then disappear, but the compromise isn't "persistent"; it ends when the T2 chip is rebooted.

      So first and foremost - it requires physical access - that makes it unlikely to be exploited to about 99.999% effectiveness.

      There is also no actual indication of why it can't be fixed in firmware - just like the last unfixable thunderbolt exploit they fixed. Even CPUs have firmware updates that can be used to mitigate these sort of 'unfixable' issues - Apple is building custom silicon and you don't think they've thought of how they could fix hardware after distribution for this problem? Really?

      The article says the flaw is in the immutable ROM. Typically in an implementation like this you'll have a first stage bootloader that is fused into the chip that is supposed to only verify the second stage boot loader is valid. Based on what I read and have inferred (AKA, I may be wrong) it looks like the first stage bootloader is accessing the USB bus for some reason (recovery most likely).

      • Based on what I read and have inferred (AKA, I may be wrong) it looks like the first stage bootloader is accessing the USB bus for some reason (recovery most likely).

        You can actually install macOS onto USB- and Firewire-connected drives and boot from those instead of the internal drive. My iMac got an unexpected SSD upgrade like this after its internal drive died outside of warranty and I couldn't be bothered getting a pizza cutter and a new adhesive strip for the display glass from MacFixit so as to replace the internal drive "correctly."

        • Based on what I read and have inferred (AKA, I may be wrong) it looks like the first stage bootloader is accessing the USB bus for some reason (recovery most likely).

          You can actually install macOS onto USB- and Firewire-connected drives and boot from those instead of the internal drive. My iMac got an unexpected SSD upgrade like this after its internal drive died outside of warranty and I couldn't be bothered getting a pizza cutter and a new adhesive strip for the display glass from MacFixit so as to replace the internal drive "correctly."

          Yes I am aware of that fact but that should happen long after the immutable bootloader has finished executing. In this case I think the recovery is for the second stage bootloader.

    • by sjames ( 1099 )

      According to the information out there, the affected firmware in in ROM, not flash, so a fix would mean replacing the actual chip. New devices will get a fix, the old devices will be vulnerable forever.

    • How's life in the hypocrite lane [slashdot.org]?
  • by Jodka ( 520060 )

    What is the theory justifying the T2 chip? Why is a second processor supposed to be more secure? Is it only because its executables are hidden in ROM accessible only by that processor, which programs running on the main CPU can not access?

    • Re:why? (Score:5, Informative)

      by dgatwood ( 11270 ) on Monday October 12, 2020 @02:33PM (#60600156) Homepage Journal

      The theory, I think, beyond making the fingerprint data nearly impossible to copy (because it never reaches the CPU), is that by using a separate processor, you can't use rowhammer attacks against the data, because what you instead see is authorization and encrypted data going in, and decrypted data coming out. Of course, if you can rowhammer or key capture the authorization data, then you have gained nothing.

      Unfortunately T2 has brought with it a host of serious problems, such as:

      • Inability to run Linux or other operating systems off of internal storage (except in a virtualization environment)
      • Inability to boot with an external GPU attached unless you have an additional monitor (or emulator) connected to the internal GPU
      • Audio glitching at random

      It would be great if Apple realized that this architecture is a mistake and went back to something more sane, with the secure enclave being used exclusively for fingerprint data. After all, the only really useful thing the T2 does is storing the fingerprints for Touch ID in a way that prevents copying. Everything else is just adding unnecessary layers of complexity and creating hard-to-fix bugs, IMO. Unfortunately, knowing Apple's history, they're far more likely to double down on "secure".

      • Unfortunately T2 has brought with it a host of serious problems, such as:
        Inability to run Linux or other operating systems off of internal storage (except in a virtualization environment)
        Inability to boot with an external GPU attached unless you have an additional monitor (or emulator) connected to the internal GPU

        All that would be true; except that it isn't.

        Apple has provided 3 levels of boot-security, from "absolutely nothing but signed Apple OS" down to "It's your funeral". At that level, you can attempt to boot and run any crazy OS you wish.

        • Re: why? (Score:4, Informative)

          by dgatwood ( 11270 ) on Monday October 12, 2020 @04:08PM (#60600492) Homepage Journal

          Unfortunately T2 has brought with it a host of serious problems, such as:
          Inability to run Linux or other operating systems off of internal storage (except in a virtualization environment)
          Inability to boot with an external GPU attached unless you have an additional monitor (or emulator) connected to the internal GPU

          All that would be true; except that it isn't.

          Apple has provided 3 levels of boot-security, from "absolutely nothing but signed Apple OS" down to "It's your funeral". At that level, you can attempt to boot and run any crazy OS you wish.

          You can attempt to boot it, but the operating system itself still cannot access the internal disk even with the security at its lowest setting, unless the Linux community has found a solution to this problem very recently.

          • by Anonymous Coward

            You can attempt to boot it, but the operating system itself still cannot access the internal disk even with the security at its lowest setting, unless the Linux community has found a solution to this problem very recently.

            In addition to its security features, the T2 functions as a new disk I/O controller. It's true that Apple has not written a Linux storage driver for this new device. Until someone writes such a driver you should still be able to boot from the devices that Linux does support.

    • It is because it is DRM. It is a second processor that run's Apple's code to protect _their_ computer against the user.

  • Flashback (Score:5, Insightful)

    by xonen ( 774419 ) on Monday October 12, 2020 @02:17PM (#60600096) Journal

    Why does this remind me of all the Norton firewall stuff we used to use decades ago. Add layers in security equals only adding layers of possible vulnerabilities.

    And then there's the philosophical dilemma of data. Personally i do not want my data encrypted at all. Not that it should be exposed to the nosy. But in case of any hardware failure i be happy to just access my data if possible, thank you. Rather than being dependent on The Cloud(TM) to safekeep what's already mine.

    Now, i do understand there's a market. I can also sort-of see the point of hardware to prove authentication. Apart that, go ahead, steal my Android, hope you like our puppies. Please return it after.

    I'm all for strong encryption and the right for encryption. But i also observe that Apple's behavior only backfires as a call for more enforcement, like the requests for encryption backdoors by the gov.

    So i'm pretty undecided at this point. Somehow i prefer the wild west where deep pockets know the flaws first against regulation where we have no real encryption at all. And right now, mostly the criminals seem to win. Maybe the better path is just not to try to secure phones as fort Knox. Keep that for your data center.

    • by AmiMoJo ( 196126 )

      Their mistake was adding a load of functionality to what should be a pure security chip. It should offer a minimal set of security features and nothing more.

      Instead they made it rival Intel's Management Engine for complexity and we all know how that ended.

    • Re:Flashback (Score:5, Insightful)

      by drew_kime ( 303965 ) on Monday October 12, 2020 @04:24PM (#60600536) Journal

      Personally i do not want my data encrypted at all. Not that it should be exposed to the nosy.

      It's not just about the data. Phones - especially iPhones - are highly-portable high-value items. In theory, with sufficiently strong security on them you remove the incentive for theft, because whoever gets it can't do anything with it.

      But this only works if potential thieves know that any phone they may grab is more likely than not locked down. If it's easy to leave your phone open to the world, lots of people (just like you) will do that. Then everyone has to guard their phones against theft.

    • by teg ( 97890 )

      Now, i do understand there's a market. I can also sort-of see the point of hardware to prove authentication. Apart that, go ahead, steal my Android, hope you like our puppies. Please return it after.

      Actually, stealing your phone is one of the main reasons for technologies such as this. Before phones were locked down like now, a stolen iPhone could just be connected to a computer, factory erased and used or sold as a fully usable iPhone. Locking down the phones like this reduced thefts significantly [cbsnews.com].

      Aside from that, many companies have strict policies to keep their data secure. It's often not just their data, but also customer's data Technologies like this aid in keeping things secure. And while you m

  • by Tangential ( 266113 ) on Monday October 12, 2020 @02:18PM (#60600108) Homepage
    You have to have physical access to a USB port on the box. If you're going to let folks have physical access to your device and plug things into it, then it doesn't seem like you are very concerned about security.

    There are a few important limitations of the jailbreak, though, that keep this from being a full-blown security crisis. The first is that an attacker would need physical access to target devices in order to exploit them. The tool can only run off of another device over USB. This means hackers can't remotely mass-infect every Mac that has a T2 chip. An attacker could jailbreak a target device and then disappear, but the compromise isn't "persistent"; it ends when the T2 chip is rebooted
    • A T2 vulnerability would be very important but I don't think the metal morphing terminators had ports on them

    • by chispito ( 1870390 ) on Monday October 12, 2020 @02:53PM (#60600212)

      You have to have physical access to a USB port on the box. If you're going to let folks have physical access to your device and plug things into it, then it doesn't seem like you are very concerned about security.

      The whole purpose of these security chips is to protect against physical access attacks.

      • Re: (Score:3, Informative)

        by gabebear ( 251933 )
        Physical access still doesn't give access to data, this attack can't decrypt anything unless the user re-enters their password after this attack crashes the T2 system and locks the main operating system from access the disk.

        As far as being "un-patchable", that's seems to be only semi-true. Apple can't fix the crash-bug for the T2, but they have already locked the crashed(DFU-mode) T2 system from accessing the encrpyt/decrpyt functionality, but it can still sniff the keyboard. Apple could make it even mor
    • by bill_mcgonigle ( 4333 ) * on Monday October 12, 2020 @02:59PM (#60600238) Homepage Journal

      T2 is Apple's answer to the Evil Maid attack.

      Oops.

      It's interesting to talk to people who work in State security. Apple has slightly better security, technically, than Android systems, but since it's so popular with shiny people, nearly all of the State-level effort (and/or Cellebrite) goes into iDevice exploits.

      Android patching is a complete shitshow, but that makes it such a heterogeneous environment that the RoI is much lower on attacking it.

      That is to say, Apple is a big target, and when they screw up, the consequences are more dire because of the promises they've made.

    • Cleaning staff has physical access generally off hours if not 24 hours I wouldn't bet low paid cleaning staff who may or may not be a citizen of the nation they are working in aren't vulnerable (money talks) to be manipulated to gain, give access to a computer in a office or home for that matter. Do employers really verify the identify of cleaning staff hired through a contracting company?
      • A $5 USB keyboard logger would do the same thing as this attack on most desktops. The OP point is pretty valid. This attack doesn't even work with only temporary access to the computer. It requires the victim to not realize the system has a malicious device attached to it when the user enters their password.
      • well that is why 1099 cleaning staff needs to go w2 so they can't use very low paid staff that the main cleaning contracting company can just wash there hands of.

    • > You have to have physical access to a USB port on the box.

      That's okay, Apple will just remove the USB ports on the new Macs ;-)

  • by l2718 ( 514756 ) on Monday October 12, 2020 @02:22PM (#60600126)

    untrustworthy

    The point of this "T2" chip, like Intel's TPM, is that the computer manufacturer wants the computer to distrust its owner on behalf of "content creators". And this has the obvious failure mode: if the system has a layer that is more powerful than the putative owner, then that layer owns the system to the detriment of the owner.

    • If I understand well this T2 chip is more like the Intel ME chip, running a whole Minix-based OS doing some shady stuff in the background. Still, it highlights RMS'es "Treacherous Computing" notion: the fact that there is an uncontrollable chip on the computer, meaning we (the users) can't have control over it, doesn't prevent third-parties to find a way to get control over it...

      • If I understand well this T2 chip is more like the Intel ME chip, running a whole Minix-based OS doing some shady stuff in the background. Still, it highlights RMS'es "Treacherous Computing" notion: the fact that there is an uncontrollable chip on the computer, meaning we (the users) can't have control over it, doesn't prevent third-parties to find a way to get control over it...

        I don't know all the details of what the T2 is doing but my understanding is that it is similar to Intel Boot Guard + a hardware TPM.

      • Yes the T2 is replaces much of the PCH, but also provides some TPM-like functionality. It was also step one of the ARM transition, and a way to keep security features and devie drivers more consistent across the system lineup.

    • untrustworthy

      The point of this "T2" chip, like Intel's TPM, is that the computer manufacturer wants the computer to distrust its owner on behalf of "content creators". And this has the obvious failure mode: if the system has a layer that is more powerful than the putative owner, then that layer owns the system to the detriment of the owner.

      You're entirely mistaken about the point of the T2 chip or the TPM. The TPM can only provide platform measurements during various stages of the boot process. The T2 chip has a TPM built into it but it is also a hardware root of trust. And honestly if you're trying to run your own custom firmware you're probably doing something wrong or you are a 0.1%er. The best way for an APT to own your computer is to replace the firmware with something they have compromised. They can't do that as easily with a hardw

  • and doesn't survive a reboot.

  • by S_Stout ( 2725099 ) on Monday October 12, 2020 @03:02PM (#60600252)
    I replace all my Mac products every two years.
    • Ah, so you’re on the slow track...

      Tim Apple would like a word with you.

      • I wonder what Tim Apple would think about the mid-2010 Mac mini on my desktop, or the fact that I upgraded to 16GB, removed the DVD drive for a 2nd HDD and replaced the primary HDD with an SSD.

        Because that's what happens when you're being as green as possible: keep using your hardware as long as you can.

        I do remember him basically laughing at PC users who hadn't upgraded in the last five years. What's the logic behind this line of thinking, besides the obvious "I want more money, screw the planet"?

        • I intend to keep my 13” 2015 MacBook Pro running until it refuses to boot.

          Of course, even in 2015 Apple had already started the move. The RAM couldn’t be upgraded, which is why I went with 16GB from the get go. However I did upgrade the SSD From the stock 256GB to a faster 1TB drive (I’m sure allowing that was an egregious oversight). And I bought it from their refurb store... in 2017 - I still think it is the best laptop Apple has ever made.

          I guess I’m one of those “sad”

          • I still use my Macbook Air I got for my 40th birthday in August of 2011.... It's slow but it holds my stuff, and am using my iPad/iPhone for 98% of all my needs I will upgrade, eventually, I'd like to run a newer OS.
    • What do you replace them with, Windows machines?
    • by antdude ( 79039 )

      You must be rich. What did you do with your old Mac products? :P

  • This doesn't seem to be a big deal. An attacker could use a specially crafter USB device to create a temporary(non-persistent) keyboard sniffer that has no network or disk access... The attack would very likely cause the main operating system to crash as well, causing the keyboard sniffer to be removed when the system reboots.
  • by kbg ( 241421 ) on Monday October 12, 2020 @04:06PM (#60600482)

    And this is exactly why everybody already knew long time ago that adding another layer of security as a special security chip inside the computer that can't be modified or updated but has access to everything and can run without the real computer knowing is always a bad idea. This is why people.

    • And this is exactly why everybody already knew long time ago that adding another layer of security as a special security chip inside the computer that can't be modified or updated but has access to everything and can run without the real computer knowing is always a bad idea. This is why people.

      Layers of security are bad? Are you for real?

      • by kbg ( 241421 )

        Yes too many layers add complexity and it only takes one bug to compromise the whole system and when it is in hardware it's of major collosal proportions. Implementing complex security through hardware with obfuscated logic that can't be updated is always a very bad idea. Just like this example shows, just a single bug can bypass the whole security and even make it less secure in the first place.

        • Yes too many layers add complexity and it only takes one bug to compromise the whole system and when it is in hardware it's of major collosal proportions. Implementing complex security through hardware with obfuscated logic that can't be updated is always a very bad idea. Just like this example shows, just a single bug can bypass the whole security and even make it less secure in the first place.

          I think you have taken a reasonable concern about hardware or physical security systems to arguing against a well understood, broadly accepted standard practice, and I think that argument is weak.
          https://en.wikipedia.org/wiki/... [wikipedia.org]

          Hardware/physical security device - hardest to fix, least flexible. It, like any other layer, can be a single point of failure, and that is not a valid argument against layers of security. You'd have to make a convincing argument that a single layer is generally more secure than mu

  • Replace the system with a PC.

    The purpose of the article though is this bypasses several security mechanisms to decrypt stuff that users assume are secure from attacks such as encryption keys for information stored on disk. Governments and law enforcement love tools like this because it lets them get access to data on systems they otherwise wouldn't have access to at all.

  • Evil begets evil. If you don't understand the relevance you're not paying enough attention.

  • Comment removed based on user account deletion
  • Oh, no, security problems come from everywhere/anywhere, it seems.

Heard that the next Space Shuttle is supposed to carry several Guernsey cows? It's gonna be the herd shot 'round the world.

Working...