AppleInsider - A custom USB-C cable can jailbreak the T2 chip in a MacBook Pro

#1
A custom USB-C cable can jailbreak the T2 chip in a MacBook Pro

The security researchers that found a vulnerability in Apple’s T2 chip have developed an exploit using a clone of an internal debugging cable that can hack a Mac without user action.

Earlier in October, the checkra1n team disclosed the unfixable vulnerability that essentially allows an attacker to jailbreak the T2 security chip in a Mac. Once they do, all types of malicious attacks can be carried out on an affected macOS device.

Now, the team has demoed a real-world attack that takes advantage of a specialized USB-C cable used internally by Apple for debugging.

As depicted in a YouTube video, the exploit causes a machine to crash once the cable is plugged in. A second video posted to the team’s YouTube account showed that the attack was successful by modifying the Apple logo at boot.

The attack is carried out by a specialized debug probe cable used by Apple and known internally as “Kong,” “Kanzi,” or “Chimp.” These cables work by allowing access to special debug pins within a USB port for the CPU and other chips.

These “Chimp” cables have leaked from Cupertino and Apple retail in the past, but security researcher Ramtin Amin created an effective clone of the cable. Combined with the checkra1n team’s exploits, it allows for this type of attack to be carried out.

Although the video demonstration shows them modifying the Apple logo, the team notes that the same exploit can be used to replace a device’s EFI and upload a keylogger. That’s possible because a mobile Mac’s keyboard is connected directly to the T2 chip.

The proof-of-concept exploit was disclosed by checkra1n security researchers Rick Mark, Mrarm, Aun-Ali Zaidi, and Home3us34. The team also announced that a version of the cable will soon be available for sale.

Who’s at risk, and how to protect yourself


As noted earlier, these specialized debug cables can sometimes be found in the wild. With a commercial clone soon to be available, there’s a good chance that most Mac models on the market with a T2 chip could be vulnerable.

Of course, the attack requires direct physical access to a Mac, which rules out most types of scenarios for the average user.

However, users who may find themselves targeted by nation-states or cybercriminals should keep their MacBook or Mac safe by ensuring no one they don’t trust has physical access to it.



https://www.sickgaming.net/blog/2020/10/...cbook-pro/