Apple's T2 chip has an unfixable vulnerability that could allow root access


Comments

  • Reply 21 of 58
    Mitty, Posts: 18, member
    normang said:
    Plus how many of you are wandering around with a Mac filled with data that if accessed is worth a flip? Without physical access, it's useless.

    "Although they can't decrypt files protected by FileVault encryption, they can inject a keylogger and steal passwords since the T2 chip manages keyboard access."

    You don't use your computer for online banking? 

    JFC_PA said:
    So once the bad people HAVE the device they can mess with it.   Yawn. 

    "...it'll require a hardware component, such as a malicious and specially-crafted USB-C cable."

    How do you know that you're not using an infected peripheral, like a used cable purchased on eBay or even a 3rd party cable on Amazon? 

  • Reply 22 of 58
    Gobnu, Posts: 17, member
    This is like saying that your Mac security can easily be circumvented by somebody cutting off your finger and using it on your Touch ID laptop. 

    All of these exploits with multiple steps, extensive knowledge and physical access  required — who cares, unless you’re a 007 agent or cheated on the wrong person?
  • Reply 23 of 58
    Guess it’s time for the T3 chipset.

    Although I don’t think anyone should be afraid of this in a practical situation, conceptually this vulnerability looks really bad on Apple, especially since this is supposed to be a, well, security chip.
  • Reply 24 of 58
    dewme, Posts: 5,556, member
    Security has always been, and will always be, all about defense-in-depth. That said, every layer of protection, even physical security, can be exploited with the right tools and/or techniques. This specific issue is a classic example of more than one vulnerability or failure mode being chained together to exploit a layer of protection.

    Anyone making claims about this exploit being an indictment on Apple’s security or quality process doesn’t have a firm grasp on reality. Modern computing systems are incredibly complex when it comes to simply recognizing all of the possible execution paths in a process, especially when it comes to failure-induced and exception-based execution paths and cross-process system state dependencies. Coupling all of these complexities with the complexities of other processes in the same shared execution environment on the same platform makes matters so much worse.

    The message here is not that some problems are just too difficult to solve. Rather, it’s that solving very difficult problems requires an enormous investment in time and resources. I think that most of us have come around to accepting that all security systems can be cracked given enough time and resources. Well, the same set of rules applies to designing for security. Given enough time and resources any system can be made more secure. But still, it will never be perfect because the cost of creation is many orders of magnitude greater than the cost of destruction. Any idiot with a box of dynamite can take down a bridge that cost tens of millions of dollars and several years to create. It’s never a fair fight for the good guys, and cyber security is unfortunately a victim of this inherent imbalance between good and evil.
  • Reply 25 of 58
    StrangeDays, Posts: 12,964, member
    digitol said:
    That’s right. “Apple security” All the inconvenience, trouble and pain, and still this happens. Definitely not worth it. T2 chip has been nothing but a troublesome, miserable disaster. Huge failure. Sad.
    lol, riiight. 
  • Reply 26 of 58
    StrangeDays, Posts: 12,964, member

    svanstrom said:
    JFC_PA said:
    “Because of the nature of the vulnerability and related exploits, physical access is required for attacks to be carried out.

    As a result, average users can avoid the exploits by maintaining physical security, and not plugging in USB-C devices with unverified provenance.”

    So once the bad people HAVE the device they can mess with it.   Yawn. 
    Which means that the devices that used to be undesirable by thieves and robbers now are perfectly legit reasons for pulling weapons on, physically attacking, and in at least some cases also worth killing, people out and about. There's no yawning about that.
    Yeah I remember when you guys said muggers would be chopping off fingers for TouchID cracking. yawn. 
  • Reply 27 of 58
    normang said:
    Once again the severity of a security issue is overplayed...  To assume that it cannot be resolved in some other way is short sighted..   Also it's always assumed that this "researcher" is right, maybe he's wrong....   Plus how many of you are wandering around with a Mac filled with data that if accessed is worth a flip? Without physical access, it's useless.
    So are you like this with security issues for all products or just those made by Apple?

    True, without physical access it is useless but devices do get stolen all the time. If you work in certain professions there are absolutely people that are going to try to steal your device and access it. 

    This isn't a "major issue that affects most people" but it isn't "nothing" either. Pardon me for thinking that you would not be nearly so dismissive were this a Windows or Android vulnerability.
  • Reply 28 of 58
    razorpit, Posts: 1,796, member
    svanstrom said:
    JFC_PA said:
    “Because of the nature of the vulnerability and related exploits, physical access is required for attacks to be carried out.

    As a result, average users can avoid the exploits by maintaining physical security, and not plugging in USB-C devices with unverified provenance.”

    So once the bad people HAVE the device they can mess with it.   Yawn. 
    Which means that the devices that used to be undesirable by thieves and robbers now are perfectly legit reasons for pulling weapons on, physically attacking, and in at least some cases also worth killing, people out and about. There's no yawning about that.
    That’s why in 2020 I always have my PPE and PPK.
  • Reply 29 of 58
    razorpit, Posts: 1,796, member
    Mitty said:
    normang said:
    Plus how many of you are wandering around with a Mac filled with data that if accessed is worth a flip? Without physical access, it's useless.

    "Although they can't decrypt files protected by FileVault encryption, they can inject a keylogger and steal passwords since the T2 chip manages keyboard access."

    You don't use your computer for online banking? 

    JFC_PA said:
    So once the bad people HAVE the device they can mess with it.   Yawn. 

    "...it'll require a hardware component, such as a malicious and specially-crafted USB-C cable."

    How do you know that you're not using an infected peripheral, like a used cable purchased on eBay or even a 3rd party cable on Amazon? 

    You buy used USB cables on eBay? You deserve everything that comes with it. 
  • Reply 30 of 58
    bulk001, Posts: 771, member
    All of you dismissing the significance of this were probably the first howling outrage when security vulnerabilities were found in Intel chips ... 
  • Reply 31 of 58
    mac_dog, Posts: 1,080, member
    svanstrom said:
    JFC_PA said:
    “Because of the nature of the vulnerability and related exploits, physical access is required for attacks to be carried out.

    As a result, average users can avoid the exploits by maintaining physical security, and not plugging in USB-C devices with unverified provenance.”

    So once the bad people HAVE the device they can mess with it.   Yawn. 
    Which means that the devices that used to be undesirable by thieves and robbers now are perfectly legit reasons for pulling weapons on, physically attacking, and in at least some cases also worth killing, people out and about. There's no yawning about that.
    Hate to break it to you, but your information isn’t  important enough for anyone to do the above mentioned. Relax. 
  • Reply 32 of 58
    rcfa, Posts: 1,124, member
    Sounds like a perfect RasPi4/Kali project to regain access to a Mac from which one’s locked out...
  • Reply 33 of 58
    Mitty, Posts: 18, member
    razorpit said:
    Mitty said:
    normang said:
    Plus how many of you are wandering around with a Mac filled with data that if accessed is worth a flip? Without physical access, it's useless.

    "Although they can't decrypt files protected by FileVault encryption, they can inject a keylogger and steal passwords since the T2 chip manages keyboard access."

    You don't use your computer for online banking? 

    JFC_PA said:
    So once the bad people HAVE the device they can mess with it.   Yawn. 

    "...it'll require a hardware component, such as a malicious and specially-crafted USB-C cable."

    How do you know that you're not using an infected peripheral, like a used cable purchased on eBay or even a 3rd party cable on Amazon? 

    You buy used USB cables on eBay? You deserve everything that comes with it. 
    I don't, but that doesn't mean other people do not and should not. And who doesn't buy third party peripherals off Amazon? To make this problem sound like an edge case is extremely base.

    I just bought a 16" MBP with a 5600M for $4K. https://i.imgur.com/4a9Bw5M.png I still have 1 more week before the return period ends and I'm contemplating returning it. To have this kind of vulnerability on such an expensive piece of hardware is pathetic. I paid the Mac premium for a reason. Do you have any idea what kind of Ryzen machine running Mint I can have for that kind of money? https://i.imgur.com/5chHGR8.png
    edited October 2020
  • Reply 34 of 58
    SpamSandwich, Posts: 33,407, member
    Mitty said:
    razorpit said:
    Mitty said:
    normang said:
    Plus how many of you are wandering around with a Mac filled with data that if accessed is worth a flip? Without physical access, it's useless.

    "Although they can't decrypt files protected by FileVault encryption, they can inject a keylogger and steal passwords since the T2 chip manages keyboard access."

    You don't use your computer for online banking? 

    JFC_PA said:
    So once the bad people HAVE the device they can mess with it.   Yawn. 

    "...it'll require a hardware component, such as a malicious and specially-crafted USB-C cable."

    How do you know that you're not using an infected peripheral, like a used cable purchased on eBay or even a 3rd party cable on Amazon? 

    You buy used USB cables on eBay? You deserve everything that comes with it. 
    I don't, but that doesn't mean other people do not and should not. And who doesn't buy third party peripherals off Amazon? To make this problem sound like an edge case is extremely base.

    I just bought a 16" MBP with a 5600M for $4K. https://i.imgur.com/4a9Bw5M.png I still have 1 more week before the return period ends and I'm contemplating returning it. To have this kind of vulnerability on such an expensive piece of hardware is pathetic. I paid the Mac premium for a reason. Do you have any idea what kind of Ryzen machine running Mint I can have for that kind of money? https://i.imgur.com/5chHGR8.png
    Sure you did, Mr. Two Posts.
  • Reply 35 of 58
    Mitty, Posts: 18, member
    Mitty said:
    razorpit said:
    Mitty said:
    normang said:
    Plus how many of you are wandering around with a Mac filled with data that if accessed is worth a flip? Without physical access, it's useless.

    "Although they can't decrypt files protected by FileVault encryption, they can inject a keylogger and steal passwords since the T2 chip manages keyboard access."

    You don't use your computer for online banking? 

    JFC_PA said:
    So once the bad people HAVE the device they can mess with it.   Yawn. 

    "...it'll require a hardware component, such as a malicious and specially-crafted USB-C cable."

    How do you know that you're not using an infected peripheral, like a used cable purchased on eBay or even a 3rd party cable on Amazon? 

    You buy used USB cables on eBay? You deserve everything that comes with it. 
    I don't, but that doesn't mean other people do not and should not. And who doesn't buy third party peripherals off Amazon? To make this problem sound like an edge case is extremely base.

    I just bought a 16" MBP with a 5600M for $4K. https://i.imgur.com/4a9Bw5M.png I still have 1 more week before the return period ends and I'm contemplating returning it. To have this kind of vulnerability on such an expensive piece of hardware is pathetic. I paid the Mac premium for a reason. Do you have any idea what kind of Ryzen machine running Mint I can have for that kind of money? https://i.imgur.com/5chHGR8.png
    Sure you did, Mr. Two Posts.
    Yes, I sure did: https://i.imgur.com/UxgDIHm.jpg

    I'm a Macrumors regular and I only found out about this site because of all of the video reviews by Andrew on YouTube. 
  • Reply 36 of 58
    rangerd said:
    svanstrom said:
    JFC_PA said:
    “Because of the nature of the vulnerability and related exploits, physical access is required for attacks to be carried out.

    As a result, average users can avoid the exploits by maintaining physical security, and not plugging in USB-C devices with unverified provenance.”

    So once the bad people HAVE the device they can mess with it.   Yawn. 
    Which means that the devices that used to be undesirable by thieves and robbers now are perfectly legit reasons for pulling weapons on, physically attacking, and in at least some cases also worth killing, people out and about. There's no yawning about that.
    Somehow I don't think thieves, muggers, and bloody murderers are real savvy on hacking in-chip hardware vulnerabilities. If this were the case, 2020 would be better known for "The Slaughter of the Smartphone Users" than for COVID, since all phones have various security flaws of one kind or another, especially if you have them in-hand. I think your statement is downright preposterous, to be frank. Sounds like you are having a terrible, anxious day, and maybe went a little far on this one. I get it, times are pretty tough right now. Deep breaths, and hang in there. Things will get better. No snark, I mean it.
    The guy selling drugs probably doesn't know how to make them, and just the same the guy robbing doesn't know how to run a fencing operation; so it simply becomes about the value of a stolen product… If it has a value to someone else (because they can get it to someone savvy on hacking in-chip hardware vulnerabilities), or if it's worthless.
  • Reply 37 of 58
    mac_dog said:
    svanstrom said:
    JFC_PA said:
    “Because of the nature of the vulnerability and related exploits, physical access is required for attacks to be carried out.

    As a result, average users can avoid the exploits by maintaining physical security, and not plugging in USB-C devices with unverified provenance.”

    So once the bad people HAVE the device they can mess with it.   Yawn. 
    Which means that the devices that used to be undesirable by thieves and robbers now are perfectly legit reasons for pulling weapons on, physically attacking, and in at least some cases also worth killing, people out and about. There's no yawning about that.
    Hate to break it to you, but your information isn’t  important enough for anyone to do the above mentioned. Relax. 
    To some my information absolutely would be what we at least could call worth slightly more than worthless, and there are some git repos that really shouldn't get out (could cost me a bloody fortune); also, under just the right/wrong circumstances they could definitely mess with information/accounts that would be extremely valuable to me (and/or my clients). Although, the race would be on as I within minutes could mitigate that from another device.

    BUT… That's not what I'm worried about!

    I actually fairly regularly have to walk through areas where robberies do happen; and I really don't want some moron with a knife to read about an Apple vulnerability and think that I might be his payday.

    That's the main thing. As much as I really don't want to lose equipment, and the impact it would have on my work, my main worry is having the odds ever so slightly less in my favour.
  • Reply 38 of 58
    digitol said:
    That’s right. “Apple security” All the inconvenience, trouble and pain, and still this happens. Definitely not worth it. T2 chip has been nothing but a troublesome, miserable disaster. Huge failure. Sad.

    There is one great advantage of buying older hardware. You know what you are buying, as all or most issues are known and the price is set by offer and demand. It is not a solution for all, but for some.
  • Reply 39 of 58
    bonobob said:
    longpath said:
    I’m more interested in whether Apple will take this wake up call, and take steps to prevent such a blunder with the forthcoming Apple Silicon systems.
    The problem is already fixed in the A12 chip and beyond, so it's unlikely Apple will reintroduce the bug in their ARM Macs.  Their developers' edition has an A12Z, so even it should be immune.

    One more reason for Apple to keep one cheap iPhone/iPad in the lineup to outpace old vulnerable devices or push them among users they do not care or would use Android otherwise.
  • Reply 40 of 58
    jingo, Posts: 117, member
    @Svanstrom - your frankly hysterical post gets things totally out of proportion. Do you REALLY, seriously, think that some "moron with a knife" will read about an Apple vulnerability and then decide to target you? You have some serious issues, man. Come on, get some sense of proportion!