A researcher is claiming that Apple devices with a macOS operating system & a T2 security chip are open to an exploit that could give bad players root access. A fix has not yet been issued by Apple.
The flaw comes from the T2 chip, which is the 2nd-generation version of Apple’s chip that provides enhanced security, including securing its Touch ID feature, as well as providing the foundation for encrypted storage & secure boot capabilities.
Macs sold between 2018 & 2020 have the embedded T2 chip & are affected by this issue.
An attacker would need physical access to the device to launch an attack, independent security researcher Niels H. said. However, if they are able to successfully steal a victim’s device, attackers could then exploit the issue in order to gain root access, giving them a wide range of different capabilities.
That includes brute forcing FireVault2 volume passwords (FireVault is Apple’s implementation of encrypting data on macOS & Mac hardware), altering the macOS installation & loading arbitrary kernel extensions.
“I’ve reached out to Apple concerning this issue on numerous occasions, even doing the dreaded cc firstname.lastname@example.org to get some exposure,” explained Niels H. in a Monday Iron Peak blog post.
“Since I did not receive a response for weeks, I did the same to numerous news websites that cover Apple, but no response there as well. In hope of raising more awareness (& an official response from Apple), I am hereby disclosing almost all of the details.”
This issue affecting the T2 chip comes from a combination of 2 existing problems. 1st, said Niels H., the T2 chip is based on the A10 processor, so it is open to a previously disclosed, un-patchable bug affecting 100s of millions of iPhones that gives attackers system-level access to handsets.
This flaw can be exploited via a ‘jailbreak hack’ called the checkm8 exploit.
Checkm8, revealed in Sept. 2019, uses what is called a bootROM vulnerability. As the name indicates, bootROM refers to read-only memory (ROM) that holds startup (or boot-up) instructions for iPhones.
Because the memory is read-only, the exploited vulnerability cannot be patched via a security update. In Sept., the checkra1n jailbreak, based on the BootROM checkm8 exploit -was also officially released & promoted as an easy way to jailbreak iOS devices.
“Apple left a debugging interface open in the T2 security chip shipping to customers, allowing anyone to enter Device Firmware Update (DFU) mode without authentication,” commented Niels H.
CPU & T2 Debugging
“An example cable that can be used to perform low-level CPU & T2 debugging is the JTAG/SWD debug cable found on the internet. Using the debug cable requires demotion however to switch it from a production state, which is possible via the checkm8 exploit.”
In the case of this specific T2 chip issue, attackers can utilise the checkm8 exploit to initially hijack the device. After that, normally the T2 chip would exit with a fatal error if it is in Device Firmware Update (DFU) mode & it detects a decryption call.
However, because of a 2nd issue, called the “blackbird vulnerability” & detailed by team Pangu in Aug, this is not the case. The ‘blackbird vulnerability’ allows attackers to attack the secure boot of the secure enclave processor (SEP), which ultimately can be used to circumvent this check.
When it comes to gaining physical access to the target device, an attacker would need to 1st steal a device, & then insert a piece of hardware or another attached component into it. E.g., Niels H. observed, it is possible to create a malicious USB-C cable that can automatically exploit the macOS device on boot.
Root Access & Kernel Execution
“Once you have access on the T2, you have full root access & kernel execution privileges since the kernel is rewritten before execution,” he explained. “Good news is that if you are using FileVault2 as disk encryption, they do not have access to your data on disk immediately.
They can however inject a keylogger in the T2 firmware since it manages keyboard access, storing your password for retrieval or transmitting it in the case of a malicious hardware attachment.”
Niels H. recommended if users suspect that their systems are being interfered with, to use Apple Configurator to reinstall bridge OS on the T2 chip.
For security professionals: “Wait for a fix, keep an eye on the checkra1n team & be prepared to replace your Mac,” he concluded.