 |
| Apple's T2 security chip has an irreversible flaw |
Security researchers say they can combine the two vulnerabilities originally developed for Jailbroken iPhones into Macs and MacBooks, including Apple's latest security chip (T2).
Although the process is still quite complex, the technology used has been mentioned on the Twitter platform in the past few weeks after being tested by the best security and jailbreak experts.
When used properly, this technology allows users to take full control of their device, change the behavior of the underlying operating system, and recover sensitive or encrypted data and factory malware.
T2 Security Chip is a special co-processor that is installed in modern Apple laptops and desktops with Intel main processor such as (iMac), (Mac Pro), (Mac mini) and (MacBook). .
The T2 chip was released in 2017 and Apple has added it to all retail devices since 2018.
Her job is to work as a separate processor. By default, it manages audio processing and many low-level I / O functions. To reduce the load on the main processor.
However, it is also used as a security chip like the Secure Area Processor (SEP) to process sensitive data such as encryption, KeyChain password, TouchID authentication, encrypted device storage, and secure boot process.
In other words, it plays an important role in all modern Apple devices as the chip supports most of the security functions.
Over the summer, security researchers discovered a way to hack T2 and found a way to implement the security chip's internal code during the boot process.
The attack required a combination of two vulnerabilities originally designed to jailbreak iOS devices - Checkm8 and Blackbird.
According to an article published by Belgian security company (IronPeak), traversing the (T2) security chip involves connecting to a Mac or Macbook via USB-C and running Checkra1n jailbreak version 0.11.0 during the OS startup process.
This is because Apple maintains the patch surface in the customer's T2 security chip, so anyone can switch to DFU (Device Firmware Update) mode without authentication. .
This method allows you to create a (USB-C) cable that the device (macOS) can use automatically upon startup.
Since this is a hardware problem, all T2 chips should be considered unbreakable.
The only way for users to deal with the fallout of the attack is to reinstall the operating system on the T2 BridgeOS chip.