toms guide Your Mac may be vulnerable to hackers, and it can't be patched — here's why

[Darkpriest667]

Quote

Belgian security consultant Niels Hofmans, writing on his blog yesterday (Oct. 5) as ironPeak, explained how he was able to jailbreak the T2 chip by running 0.11.0 of the checkra1n software via a USB-C connection while the Mac was booting up. 

 

The jailbreak left the T2’s debugging interface open to the user, allowing them to enter Device Firmware Update (DFU) without any authentication. It also means hackers who get their hands a Mac can get root access to the chip to modify and take control of anything running on the device — including encrypted data.

 

"Normally the T2 chip will exit with a fatal error if it is in DFU mode and it detects a decryption call, but thanks to the blackbird vulnerability by team Pangu, we can completely circumvent that check in the SEP and do whatever we please," Hofmans wrote.

 

He also included instructions and code to carry out the exploit in case you want to try it yourself.

 

 

Source

 

 

Looks like it's not a fixable issue and not even a firmware update will alleviate this.  It does not appear that this will follow the new MAC processors. 

Edited October 8, 2020 by axipher

[Andrew]

Link? 

 

it does seem like it's local only, not online.

[Darkpriest667]

3 minutes ago, Andrew said:

Link? 

 

it does seem like it's local only, not online.

 

Source was quoted. Here are several others

 

https://www.zdnet.com/article/hackers-claim-they-can-now-jailbreak-apples-t2-security-chip/

 

https://hothardware.com/news/apple-t2-mac-security-chip-unpatchable-root-access-exploit

 

https://www.techradar.com/sg/news/your-macbook-might-be-hiding-a-major-security-vulnerability-heres-what-you-need-to-know

 

It's been confirmed and I verified it on a Macbook I have here in the lab.

 

Yes it's locally but T2 and TPM chips(for Dell and other systems) are specifically designed to prevent local attacks.

Edited October 6, 2020 by Darkpriest667

[Andrew]

I meant there's no source link to the Toms Hardware article.

 

But yeah. you do need physical access to the computer in order to make use of that exploit. That's how it has always been with Macs. Hacking into them remotely is near enough impossible, but if you have physical access to them, it's pretty easy. At least for the people who know what they're doing.

[ENTERPRISE]

Fortunately this is not a remote exploit...could you imagine lol.

[UltraMega]

What would this enable a user to do? What would be the point of jailbreaking a Mac computer? 

[Darkpriest667]

30 minutes ago, UltraMega said:

What would this enable a user to do? What would be the point of jailbreaking a Mac computer? 

 

 

They can disable the onboard encryption and then steal the drive and download the data. Most of the people that use these and TPM/PCC chips tend to work in high security environments or think they do and are worried about espionage or valuable data being leaked.