Unpatched Apple T2 Chip Flaw Plagues Macs
A researcher claims that the issue can be exploited by attackers in order to gain root access.
A researcher is claiming that Apple devices – with a macOS operating system and a T2 security chip – are open to an exploit that could give bad actors root access. A fix has not been issued by Apple.
The flaw stems from the T2 chip, which is the second-generation version of Apple’s chip that provides bolstered security – including securing its Touch ID feature, as well as providing the foundation for encrypted storage and secure boot capabilities. Macs sold between 2018 and 2020 have the embedded T2 chip and are affected by this issue.
Of note, an attacker would need physical access to the device to launch an attack, independent security researcher Niels H. said. However, if they are able to successfully steal a victim’s device, attackers could then exploit the issue in order to gain root access, giving them a wide swath of different capabilities. That includes brute-forcing FileVault2 volume passwords (FileVault is Apple’s implementation of encrypting data on macOS and Mac hardware), altering the macOS installation and loading arbitrary kernel extensions.
“I’ve reached out to Apple concerning this issue on numerous occasions, even doing the dreaded cc email@example.com to get some exposure,” said Niels H. in a Monday IronPeak blog post. “Since I did not receive a response for weeks, I did the same to numerous news websites that cover Apple, but no response there as well. In hope of raising more awareness (and an official response from Apple), I am hereby disclosing almost all of the details.”
Threatpost has reached out to Apple for further details but did not hear back by deadline.
The issue plaguing the T2 chip stems from a combination of two existing problems. First of all, said Niels H., the T2 chip is based on the A10 processor – meaning it is open to a previously disclosed, un-patchable bug affecting hundreds of millions of iPhones that gives attackers system-level access to handsets. This flaw can be exploited via a jailbreak hack called the checkm8 exploit.
Checkm8, disclosed in September 2019, leverages what is called a bootROM vulnerability. As the name suggests, bootROM refers to read-only memory (ROM) that holds startup (or boot-up) instructions for iPhones. Because the memory is read-only, the exploited vulnerability can’t be patched via a security update. In September, the checkra1n jailbreak – based on the bootROM checkm8 exploit – was also officially released and promoted as an easy way to jailbreak iOS devices.
“Apple left a debugging interface open in the T2 security chip shipping to customers, allowing anyone to enter Device Firmware Update (DFU) mode without authentication,” said Niels H. “An example cable that can be used to perform low-level CPU & T2 debugging is the JTAG/SWD debug cable found on the internet. Using the debug cable requires demotion however to switch it from a production state, which is possible via the checkm8 exploit.”
In the case of this specific T2 chip issue, attackers can utilize the checkm8 exploit to initially hijack the device. After that, normally the T2 chip would exit with a fatal error if it is in Device Firmware Update (DFU) mode and it detects a decryption call.
However, due to a second issue, called the “blackbird vulnerability” and detailed by team Pangu in August, this is not the case. The blackbird vulnerability allows attackers to attack the secure boot of the secure enclave processor (SEP) – which ultimately can be used to circumvent this check.
As far as gaining physical access to the target device, an attacker would need to first steal a device, and then insert a piece of hardware or other attached component into it. For instance, Niels H. said, it is possible to create a malicious USB-C cable that can automatically exploit the macOS device on boot.
“Once you have access on the T2, you have full root access and kernel execution privileges since the kernel is rewritten before execution,” he said. “Good news is that if you are using FileVault2 as disk encryption, they do not have access to your data on disk immediately. They can however inject a keylogger in the T2 firmware since it manages keyboard access, storing your password for retrieval or transmitting it in the case of a malicious hardware attachment.”
Niels H. said that users who suspect their systems are being tampered with should use Apple Configurator to reinstall bridgeOS on the T2 chip. And for security professionals: “Wait for a fix, keep an eye on the checkra1n team and be prepared to replace your Mac,” he said.