Information about the vulnerability was provided to Niels H. by security researcher Rick Mark and the checkra1n team, which first discovered the flaw. According to Mark, the checkm8 flaw exists in USB handling in DFU mode.
Normally, the T2 chip's Secure Enclave Processor (SEP) will exit with a fatal error if it detects a decryption call when in DFU mode. That's a security mechanism baked into both Mac and iOS devices through the SEP. However, the exploit can be paired with the Blackbird SEP vulnerability, developed by Pangu, to bypass that security mechanism.
Once an attacker gains access to the T2 chip, they will have full root access and kernel execution privileges. Although they can't decrypt files protected by FileVault 2 encryption, they can inject a keylogger and steal passwords since the T2 chip manages keyboard access.
(Score: 3, Funny) by Anonymous Coward on Monday October 12 2020, @07:53PM
You're just holding the T2 chip wrong!
(Score: 4, Funny) by Thexalon on Monday October 12 2020, @09:26PM (2 children)
Does DFU mode stand for "Don't F*** Up" mode? Because they done f'd up.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by Mojibake Tengu on Monday October 12 2020, @09:36PM (1 child)
Device Firmware Update mode.
https://support.apple.com/guide/apple-configurator-2/revive-or-restore-mac-firmware-apdebea5be51/mac [apple.com]
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 2) by Thexalon on Tuesday October 13 2020, @02:58AM
I still like my answer better, and wouldn't be surprised if some Apple engineers use it around the office.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: -1, Troll) by fakefuck39 on Monday October 12 2020, @10:44PM (6 children)
who the fuck is using apple products for secure products. apple is for photoshops of you getting laid and instagram comments for starbucks hipsters. Physical access to a device by FBI-level staff means access to your data. news at 11.
People who care about encrypting some of the data aren't going to use an operating system's encryption method - they already assume it's compromised and decryptable by the vendor. They'll use one of the many software solutions already available for encrypting data.
(Score: 1, Flamebait) by Anonymous Coward on Monday October 12 2020, @11:27PM (3 children)
Fuck off, troll.
https://ironpeak.be/blog/crouching-t2-hidden-danger/#security-issues [ironpeak.be] - where does it say physical access? It uses the USB stack but does not need physical access, it just makes syscalls.
You fucking troll.
And this means that crossing borders is much less safe for anyone who's ever penned six lines.
You're a fucking troll for insinuating this is non-news, when in fact Apple devices being hard for nasty govs to access without lead pipe cryptography, is huge news.
In summary: fuck off.
(Score: 2) by fakefuck39 on Monday October 12 2020, @11:54PM (2 children)
waaat. did you read your own link? this is not a remote exploit. as in you have to have hacked into the device already.
"so it will require a hardware insert or other attached component such as a malicious USB-C cable."
it takes a complete retard to read that line from your link and think
"I don't need physical access to the device, I can insert hardware or a USB cable remotely"
yes sherlock, once you have physical access, you initiate syscalls. That's literally the way all software works - using syscalls.
(Score: 1, Insightful) by Anonymous Coward on Tuesday October 13 2020, @12:32AM (1 child)
You are wrong.
This attack is not inherently persistent. To make it so would require, e.g., a USB device plugged in for every bootup, or a hardware insert. From the disclosure:
You trimmed the start of the quote in order to mislead and obfuscate. The entire sentence:
This means malware can't be hidden in the SEP. But this can be exploited to drop malware into iOS, giving root access to the OS - only denying future SEP bypass.
For the exploit vector to include another compromised machine does not mean physical access is required. The phone doesn't have to be taken apart, and special hardware is NOT needed, the user just needs to plug it into a compromised machine.
(Score: 2) by fakefuck39 on Saturday October 17 2020, @10:15PM
you: physical access not required
also you: "the user just needs to plug it into a compromised machine"
I love it when people scream at the top of their lungs how stupid they are. In your case, you wrote "I'm an idiot" and repeatedly put it in bold.
(Score: -1, Flamebait) by Ethanol-fueled on Tuesday October 13 2020, @12:00AM
By entering keypresses stored by their Jew operating system and transmitted straight to Mossad, who then decides if the FBI should see the data. If Mossad decide that it's not one of their Sayanim or other agents holding the phone, they decide the FBI gets to see the data but only through one of their approved third-party "security consultants" and after handsome fees are paid to those "consultants."
Cute. Surprised you're not shilling Whatsapp.
(Score: 3, Interesting) by epitaxial on Tuesday October 13 2020, @12:42AM
Encrypt your Android all you want. You still have no idea what the sim card or LTE modem is doing.
(Score: 0) by Anonymous Coward on Tuesday October 13 2020, @01:42AM
The T2 chip is functioning as intended.
(Score: 2) by PinkyGigglebrain on Tuesday October 13 2020, @04:51AM
their backdoor into Apple iPhones has been discovered.
At least that was the first thing that went through my mind when I read the headline.
Whether the flaw was intentionally added or just an honest oversight doesn't really matter. Given the number of groups, TLAs and other nation-level actors who are constantly poking around in all things tech, I would be incredibly surprised if this exploit wasn't already known to at least some State-level TLA or cyber group for quite some time.
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."