Apple's T2 custom secure boot chip is not only insecure, it cannot be fixed without replacing the silicon

2020-10-08 11:04

Apple's T2 security chip is insecure and cannot be fixed, a group of security researchers report.

Over the past three years, a handful of hackers have delved into the inner workings of the custom silicon, fitted inside recent Macs, and found that they can use an exploit developed for iPhone jailbreaking, checkm8, in conjunction with a memory controller vulnerability known as blackbird, to compromise the T2 on macOS computers.

The T2, which contains a so-called secure enclave processor intended to safeguard Touch ID data, encrypted storage, and secure boot capabilities, was announced in 2017.

"ROM cannot be altered after fabrication and is done so to prevent modifications. This usually prevents an attacker from placing malware at the beginning of the boot chain, but in this case also prevents Apple from fixing the SecureROM.".

While Apple cannot fix the flaw in its T2, Mark says it should be possible to restore a compromised device that's still bootable into DFU by attaching it to a trustworthy second device.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/10/08/apple_t2_security_chip/

#apple #boot #chip