Security researchers have published a security hole in Apple’s T2 chip. The exploit can be used to manipulate the behavior of the chip or to infiltrate malware. In addition, the gap cannot be corrected by a software update.
Security researchers claim to be able to crack Apple devices with T2 security chips by combining two exploits. Leading security experts tested the attack method on Monday and confirmed the vulnerability, as the website “ZDNet” reported. As a result, all Apple devices with the T2 chip have an unpatchable vulnerability.
Even though the process is still quite complex, the attack technique has been repeatedly mentioned and discussed in social media networks over the past weeks.
When used correctly, the technique allows hackers to gain full control over all Apple devices with such security chips. Attackers can theoretically use them to retrieve sensitive or encrypted data and even smuggle malware into the systems.
The so-called T2 chips are special co-processors that are installed alongside the main CPU on modern Apple desktops (iMac, Mac Pro, Mac mini) and laptops (MacBooks). T2 chips were announced in 2017 and have been an integral part of the Apple system since 2018.
Such co-processors usually perform smaller tasks, such as audio processing, to relieve the main CPU. However, some such co-processors are also used as security chips and have access to sensitive data. Apple’s T2 chips handle encryption, store passwords, enable TouchID authentication, and process the boot process.
This exploit is a hardware attack, not a software vulnerability. Apple relies on a “ROM” for memory on the T2 processor. ROMs can only be written once – which is why the gap cannot be fixed with a software update. Only a new hardware revision can fix this exploit. Apple has not yet commented on the security gap.