A vulnerability in Apple’s T2 security chip can be exploited to hack the security systems of Mac computers, reports Wired.
The flaw, known as Checkm8, is not fixable, meaning that it is a permanent concern for Apple Mac users.
The exploit involves the T2 security chip being jailbroken in a similar way to how researchers have jailbroken older iPhone models in the past. This is because the T2 chip is based on the older chips used in these iPhone models.
The T2 chip was launched in 2017 and provides additional security features including Touch ID, encrypted data storage, and Activation Lock – which is used by Apple’s device-finding feature.
For now, the Checkm8 vulnerability has allowed researchers to explore the T2 chip’s security features, run Linux, or play Doom on the MacBook Pro’s Touch Bar.
Threat to users
While this may appear to be harmless, it does mean that the door is now open for malicious hackers to manipulate the security settings of Apple Macs that use the T2 security chip.
Security features that could be disabled include System Integrity Protection and Secure Boot, while attackers could also find ways to install malware on Apple Macs.
“The T2 is meant to be this little secure black box in Macs—a computer inside your computer, handling things like Lost Mode enforcement, integrity checking, and other privileged duties,” said Will Strafach, creator of the Guardian Firewall app for iOS.
“So the significance is that this chip was supposed to be harder to compromise—but now it’s been done.”
Not an easy exploit
However, the good news is that there are a number of criteria that have to be met for the Checkm8 vulnerability to be used maliciously on Apple’s Mac computers.
Firstly, the attacker needs to have physical access to the Mac in question, as exploiting the vulnerability requires running a tool on a different device and connecting it to the Mac via USB.
Secondly, the jailbreak is automatically ended if the user reboots the T2 chip – although it is worth noting that this doesn’t automatically happen whenever you reboot your Mac.
Thirdly, the malicious party can’t get instant access to already-encrypted data. Instead, hackers would need to install keyloggers or other malware that accesses new data.