Password cracking tool can slowly hack T2 Mac passwords

Posted in macOS, edited February 2022
A company that makes a password cracking tool says that a new vulnerability found in the Mac T2 chip allows it to brute force passwords and decrypt a device.


Apple's T2 chip, among other features, allows a Mac user to encrypt and decrypt data on their SSD. That encryption is bolstered by other security features, like a limit on the number of password attempts to mitigate brute force attacks.

Because a Mac's password isn't stored on its SSD, bypassing this encryption meant that an attacker would need to brute force the decryption key, which could take millions of years. However, a company called Passware says it can now defeat this security mechanism.

Passware's unlocking tools were previously able to crack passwords on Macs without the T2 chip. However, earlier in February, the company quietly announced that an add-on to the latest version of the software can bypass the brute force mitigation protections on a T2 chip.

The module apparently exploits a new T2 chip vulnerability to circumvent the password attempt limit. The end result is that an attacker can apply a password dictionary and brute force a Mac's password, potentially allowing them to decrypt the device's data.

Passware-enabled attacks are slow, however. The company's password cracking tool can guess 15 passwords per second. If a user's password is relatively long, brute forcing a Mac could still take thousands of years. Shorter passwords are more vulnerable, with a six-character password crackable in about 10 hours.

The company is also offering a dictionary of about 550,000 commonly used passwords alongside a longer dictionary of about 10 billion passwords.
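To put the reported rate in defender's terms, the following added example (not from the article or from Passware) computes how long the quoted dictionary sizes and various six-character keyspaces last at 15 guesses per second, and the shortest random password whose average-case search exceeds 1,000 years. The alphabet sizes, the 1,000-year target, a constant guess rate and a uniformly random password are assumptions made for illustration.

```python
GUESSES_PER_SECOND = 15                  # rate reported in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Approximate dictionary sizes quoted in the article.
DICTIONARIES = {"common passwords": 550_000, "extended": 10_000_000_000}

# Assumed alphabets; the article does not say which character set it means.
ALPHABETS = {
    "digits": 10,
    "lowercase": 26,
    "lower+digits": 36,
    "mixed-case+digits": 62,
    "printable ASCII": 95,
}

def seconds_to_exhaust(candidates, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at a constant guess rate."""
    return candidates / rate

def min_length_for(alphabet_size, target_years, rate=GUESSES_PER_SECOND):
    """Shortest random password whose average-case search (half the
    keyspace) takes at least target_years at the given rate."""
    needed = 2 * target_years * SECONDS_PER_YEAR * rate
    length = 1
    while alphabet_size ** length < needed:
        length += 1
    return length

def report(length=6, target_years=1000):
    """Per alphabet: (worst-case hours at `length`, minimum safe length)."""
    return {
        name: (seconds_to_exhaust(size ** length) / 3600,
               min_length_for(size, target_years))
        for name, size in ALPHABETS.items()
    }

if __name__ == "__main__":
    for name, n in DICTIONARIES.items():
        hours = seconds_to_exhaust(n) / 3600
        print(f"dictionary {name:18} exhausted in {hours:14,.1f} h")
    for name, (hours, min_len) in report().items():
        print(f"{name:18} 6 chars: {hours:16,.1f} h worst case; "
              f"1000-year average needs {min_len}+ chars")
```

At this rate the smaller dictionary is exhausted in roughly ten hours and the larger in about 21 years, so a password that appears in either list gets no benefit from its length.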

Passware's T2-bypassing tool is available both to government customers and companies that can provide a valid justification for its usage. It costs $1,990.

Brute forcing a Mac's password requires physical access to your device, so the feature isn't going to be a significant concern for most users. Users who lock down their Mac with a longer and stronger device password can also rest easy knowing that a brute force attempt could take thousands of years.

Similarly, the flaw only applies to Intel-based Macs with a T2 chip. Mac devices with Apple Silicon or M1 chips are unaffected.


Comments

  • Reply 1 of 6
    tyler82 (Posts: 1,102, member)
    Which is why using long mixed character passwords for all your devices and accounts is so important!
    edited February 2022
  • Reply 2 of 6
    lkrupp (Posts: 10,557, member)

    Brute forcing a Mac's password requires physical access to your device, so the feature isn't going to be a significant concern for most users. Users who lock down their Mac with a longer and strong device password can also rest easy knowing that a brute force attempt could take thousands of years.

    Whew! I can sleep better tonight. Another apocalypse averted. Chicken Little is wrong once again.
  • Reply 3 of 6
    I wonder how many will read about this and change their five-letter dictionary password to something a bit more robust.  The article begs a question though; is the flaw fixable by Apple with a T2 firmware update or not? 
  • Reply 4 of 6
    markbyrn said:
    The article begs a question though; is the flaw fixable by Apple with a T2 firmware update or not? 
    No, it is not possible to do a T2 firmware and if it was, then hackers could just apply their "special" firmware update. It is patched for new M1 machines.
  • Reply 5 of 6
    rwes (Posts: 200, member)
    markbyrn said:
    The article begs a question though; is the flaw fixable by Apple with a T2 firmware update or not? 
    No, it is not possible to do a T2 firmware and if it was, then hackers could just apply their "special" firmware update. It is patched for new M1 machines.
    That’s not how firmware updates work (I don’t think)… just about all are now signed so a bad actor can’t do exactly that; install their “special” firmware update. If anyone could go updating firmware, people/hackers would certainly already be exploring that.

    *If* this is addressable by a firmware update, Apple will have one out in short order I’m sure.
  • Reply 6 of 6
    pmh (Posts: 18, member)
    rwes said:
    markbyrn said:
    The article begs a question though; is the flaw fixable by Apple with a T2 firmware update or not? 
    No, it is not possible to do a T2 firmware and if it was, then hackers could just apply their "special" firmware update. It is patched for new M1 machines.
    That’s not how firmware updates work (I don’t think)… just about all are now signed so a bad actor can’t do exactly that; install their “special” firmware update. If anyone could go updating firmware, people/hackers would certainly already be exploring that.

    *If* this is addressable by a firmware update, Apple will have one out in short order I’m sure.

    Yes, Apple signs its OS software & firmware, and the T2 firmware can be updated during OS upgrades as well as during a "revive":

    People are of course exploring how to produce their own OS software/firmware, but nobody has successfully done so for T2 or M1 Macs...