Apple T2 hacked, Mac passwords at risk

The Apple T2 security chip, used since 2018 to provide additional protections on Mac computers, both desktop (iMac and Mac mini) and portable (MacBook), integrates an SSD controller and a crypto engine that encrypts and decrypts data in real time without burdening the other components of the system. In practice, T2 is a fundamental element of Apple devices: it enables secure boot, preventing attackers from modifying macOS to gain access. As described by Apple itself:

When the software is downloaded and prepared for installation, it is personalized with a signature that includes the Exclusive Chip Identification (ECID) as part of the signature request, which in this case is a unique ID specific to the T2 chip. The signature returned by the signature server is therefore unique and usable only by that T2 chip. The UEFI firmware is designed to ensure that, when the “Total Security” policy is in effect, a given signature is not only from Apple, but also created specifically for that Mac, binding that version of macOS to that particular Mac. This helps prevent rollback attacks, as described for the “Total Security” option on Macs equipped with an Apple chip.

Sadly, all of this now appears to be in jeopardy: as reported by 9to5mac, a vulnerability has been exploited that allows the password to be recovered. In any case, it is a brute-force attack, so identifying the password could take a very long time unless common terms are used. Passware, in fact, offers an add-on module that bypasses the protection preventing repeated attempts on T2, so as to try up to 15 passwords per second. As a result, recovery could take anywhere from a few hours to thousands of years, depending on the password chosen. Passware offers this add-on only to government customers or private companies that can provide a valid justification.

This is the list of computers with T2 chips on which this bug can be exploited:

  • iMac (Retina 5K, 27-inch, 2020)
  • iMac Pro
  • Mac Pro (2019)
  • Mac Pro (Rack, 2019)
  • Mac mini (2018)
  • MacBook Air (Retina, 13-inch, 2020)
  • MacBook Air (Retina, 13-inch, 2019)
  • MacBook Air (Retina, 13-inch, 2018)
  • MacBook Pro (13-inch, 2020, two Thunderbolt 3 ports)
  • MacBook Pro (13-inch, 2020, four Thunderbolt 3 ports)
  • MacBook Pro (16-inch, 2019)
  • MacBook Pro (13-inch, 2019, two Thunderbolt 3 ports)
  • MacBook Pro (15-inch, 2019)
  • MacBook Pro (13-inch, 2019, four Thunderbolt 3 ports)
  • MacBook Pro (15-inch, 2018)
  • MacBook Pro (13-inch, 2018, four Thunderbolt 3 ports)

As usual, the best protection remains to choose a long password that avoids commonly used words and includes numbers, letters and special characters.
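To make the "a few hours or thousands of years" range concrete, the following added example (not code from the article, Apple or Passware) estimates worst-case brute-force time at the 15 guesses per second the article cites. The wordlist size, the character-class sizes and the sample passwords are constructed assumptions; the point it shows is that a password drawn from a common wordlist is bounded by the wordlist size, while a long random password is bounded by its full keyspace.

```python
"""Time-to-crack estimates at the 15 guesses/second rate quoted in the article.

Added example, not code from the article, Apple or Passware. The guess rate is
the figure the article cites; the wordlist size, character-set sizes and sample
passwords are constructed assumptions for illustration only.
"""
from math import log2
import string

GUESSES_PER_SECOND = 15                      # rate quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed assumption: size of a typical list of common passwords.
ASSUMED_WORDLIST_SIZE = 100_000


def charset_size(password: str) -> int:
    """Size of the union of standard character classes the password draws from."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)      # 32 printable ASCII symbols
    return size


def keyspace(password: str) -> int:
    """Number of candidates an attacker must cover for a random password
    of this length over the same character classes."""
    return charset_size(password) ** len(password)


def seconds_to_exhaust(candidates: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return candidates / rate


def years_to_exhaust(candidates: int, rate: float = GUESSES_PER_SECOND) -> float:
    return seconds_to_exhaust(candidates, rate) / SECONDS_PER_YEAR


def estimate(password: str, in_wordlist: bool) -> dict:
    """Worst-case brute-force effort: a wordlist hit is bounded by the
    wordlist, otherwise by the full keyspace of the password's classes."""
    candidates = ASSUMED_WORDLIST_SIZE if in_wordlist else keyspace(password)
    return {
        "length": len(password),
        "charset": charset_size(password),
        "bits": round(log2(candidates), 1),
        "hours": seconds_to_exhaust(candidates) / 3600,
        "years": years_to_exhaust(candidates),
    }


if __name__ == "__main__":
    # Constructed sample passwords: a common word, a short "complex" one,
    # and a long random one.
    samples = [("sunshine", True), ("Tr0ub4dor!", False), ("v7#Qm2!pLz9@xR4w", False)]
    for pw, common in samples:
        e = estimate(pw, common)
        print(f"{pw!r:20} {e['bits']:6.1f} bits  {e['hours']:16,.1f} h  {e['years']:.3e} y")
```

The estimates are worst-case (every candidate tried) and assume the attacker's rate stays fixed at the article's figure; a wordlist password at 15 guesses per second falls in under two hours, whereas a 16-character random password exceeds any practical timescale by many orders of magnitude.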