Hacker bypasses T2 chip security in recent Mac computers

The checkra1n team managed to bypass the security of the Apple T2 chip. That chip is used, among other things, for some security aspects of recent Mac devices. Presumably, this will eventually enable a jailbreak on affected devices.

One of the members of the checkra1n team, best known for the checkm8 exploit for some iOS devices, made the hack known on Twitter. With the hack, the team would have bypassed the T2 chip. This security chip is included in Macbook Pro and Macbook Air models from 2018 and later, the iMac Pro and the Mac Pro from 2019. The chip controls the security of these computers, including Touch ID authentication, encrypted SSD storage and secure boat. According to Apple, the T2 chip also functions as an SSD controller, image signal processor and system management controller.

One of those involved reports on Reddit that this exploit cannot be patched with software. Apple must therefore come up with a hardware revision to close the leak. The hacker also reports that File Vault disk encryption cannot be circumvented per se, but that users can try to decrypt a disk indefinitely, making the use of brute force techniques easier. Secure boot can also be evaded.

In a Twitter thread Luca Todesco, one of the people behind checkra1n, shows some hacks on the touchbar of a Macbook Pro. For example, the hacker shows a verbose boot mode and PongoOS on the touchbar. This is a custom pre-boot operating system made entirely by checkra1n.

When asked whether Mac computers can be jailbroken in the future, Todesco answers with ‘eta son’, which stands for ‘estimated time of arrival soon’. This is not to say that a jailbreak will be released anytime soon, but it does mean that a Mac jailbreak is being worked on.