Published by Chand Bellur – October 11, 2020 at 12:27 p.m.
- Apple’s T2 chip, first launched with the iMac Pro in 2017, is an embedded system running bridgeOS 2.0.
- The T2 chip is essentially a discrete computer running inside modern Macs, providing security features such as the secure enclave and audio/video encryption.
- Security researchers recently released a tool enabling anyone to exploit Apple’s T2 chip.
- Hacking into the T2 chip provides access to lower operating system levels, making it easier to compromise Macintosh security features.
T2 Processor: Embedded Security for Modern Macs
The modern-day computer is a complex device. Once a simple machine with a CPU, RAM, storage, and a display adapter, the contemporary computer is full of autonomous components that behave like computers in their own right.
The T2 processor is a perfect example of today’s computing complexity. The chip is actually an autonomous “System on Chip” processor. It runs its own operating system, bridgeOS, which is a variant of watchOS. Designed to provide security features for Apple devices, the T2 processor implements algorithms in silicon to prevent malicious users from altering code.
First introduced with the expensive 2017 iMac Pro, the T2 chip implements common security tasks directly on the processor. Unfortunately, consumers paying premium prices for top-notch Apple computers ended up getting less than they expected. A permanent, unpatchable security flaw in the T2 chip leaves the most expensive Macs open to intrusion; however, it appears the vulnerabilities are difficult to exploit.
T2 Chip is Hackable
Just days ago, the cybersecurity world learned of yet another flaw with Apple products. The T2 processor, found in the most expensive Mac systems, can be compromised in much the same way as an iPhone is jailbroken. With the algorithms permanently etched into the silicon, Apple cannot fix this flaw with an update.
Building on a vulnerability known as Checkm8, which affects iPhone models with A5 through A11 processors, the jailbreak community was able to bypass the T2 chip. Checkra1n, the hacking group that compromised the iPhone, recently released tools to bypass the T2 chip.
One benefit of the intrusion is that the world now knows the T2 chip’s inner workings. Hackers were able to make the chip run Linux and even play Doom on a MacBook Pro’s Touch Bar.
More seriously, the recent discovery of T2 exploits and past disclosures from the Pangu Team provide methods for decrypting user data. Although physical access to a machine is required, this is a possibility in corporate and government environments.
The latest T2 exploit capabilities undermine Apple’s commitment to privacy and security. For the premium price, Apple only offers the appearance of better privacy and security.
According to Apple security expert and former NSA researcher Patrick Wardle, Apple cannot fix this issue, and it undermines the whole point of a dedicated security processor:
“I had already assumed that since T2 was vulnerable to Checkm8, it was toast. There really isn’t much that Apple can do to fix it. It’s not the end of the world, but this chip, which was supposed to provide all this extra security, is now pretty much moot.”
T2 Chip Required for 4K Netflix Streaming
Another unfortunate and related issue with the T2 chip is its necessity for DRM-safe, 4K video streaming in the Apple ecosystem. Netflix just announced that only Macs with the T2 processor can stream its content at 4K resolution. This means that many iMac models with 5K screens can only play Netflix at 1080p.
Netflix uses the T2 chip for 4K video decoding, as it provides better digital rights management (DRM) capabilities. The concern is that some systems enable hackers to steal content from Netflix, which compromises its subscription business model.
Given that the T2 chip is both a blessing and a curse, consumers need to know which Apple machines feature it. Because only a few Mac models can play Netflix at full resolution, some may choose to skip the Apple ecosystem altogether.
Macintosh Models with T2 Chip
The following Macintosh models feature the T2 security chip:
- 2020 iMac
- iMac Pro
- 2019 Mac Pro
- 2018 Mac Mini (or later)
- 2018 MacBook Air (or later)
- 2018 MacBook Pro (or later)
If you just purchased an iMac with a “breathtaking” 5K display last year, you can only watch Netflix in 1080p resolution, as this relatively new machine doesn’t sport a T2 processor.
It appears that, deeply flawed as it is, the T2 chip provides some value. If you watch Netflix on the newest and most expensive Apple machines, you can enjoy 4K UHD picture quality.
It’s somewhat sad that a chip with so much promise ended up undermining an entire class of Apple’s most expensive Macintosh computers. This is one of many reasons that I’ve distanced myself from the Apple ecosystem.