The T2 Chip Might Have An Unpatchable Security Flaw

The T2 security chip used by Apple powers is present across a large number of devices, including some MacBook models and the iMac Pro. Its main role is to boost the overall security of the device while also boosting overall performance.

However, a cybersecurity researcher argues that the chip comes with a security flaw that could be harnessed by hackers to circumvent several security measures, including firmware-grade password, disk encryption, and others. The issue stems from the fact that the T2 is based on the A10 architecture, which can be targeted with the checkm8 exploit.

Gaining access

The checkm8 exploit can be used to take over the SepOS used by the T2 chip and obtain access to the hardware. In most cases the T2 chip will offer a fatal error if the DFU mode is active and a decryption call is made.

By using another vulnerability, hackers can avoid fatal errors and gain control over the T2 chip. This means that full access and privileges are now available for the root access and kernel execution. Passwords stored with the help of FileVault 2 can’t be read directly, but a keylogger can solve this issue.

Removing security options

Users who rely on security functions like MDM and FindMy are also vulnerable since the exploit can be used to bypass and disable this feature. In this case, a firmware password isn’t useful since the keyboard lock requires the T2 chip, which can already be bypassed.

Since SepOS is stored within the ROM memory used by the T2 chip, Apple doesn’t have the option to patch the vulnerability with the help of a software update. On the other hand, the use of an infected hardware accessory is needed to run the exploit, a trait that limits the usability of the vulnerability.

Apple hasn’t offered any comments on the subject for now, and the upcoming in-house silicon might use an improved security chip.