What the ‘jailbreak’ of the Mac T2 chip really means and why it is not so worrying

If there is an absolute maxim in the world of technology, it is that nothing is 100% secure. Any software, device, chip or component can have its security breached, for a very simple reason: everything is created in the first instance by humans, and humans make mistakes. It is that simple.

It has been shown several times how hackers (security researchers) have managed to compromise the security of the SoCs Apple builds for its devices (the A-series) and do what is colloquially known as a jailbreak. But what is this, technically? We are going to explain it, and we will also tell you what it means that this technique has been carried out against the T2 chips that control the security of the Macs launched in recent years, such as the 2020 iMac that we analyze here.

Jailbreak: circumventing the system’s digital signature

The first iPhone already controlled app execution by digital signature. In other words, Apple created a certificate authority that generates an associated key pair: one public key and one private key. The way Apple signs is to use the private key to encrypt the data, and the result can then be validated against the public key. In this way, it is certified that the program comes from Apple. The system performs this check even on each page of code as it executes in memory.

Digital signature diagram from our Secure Development course at Apple Coding Academy.

Broadly speaking, and to make it even clearer: a hash, or fingerprint, is computed from the data, which allows the integrity of the data to be verified. If a single byte of the data changes, the fingerprint is different, and we then know that the data has been modified and is not the original from which the hash was computed. That hash is encrypted with the private key of Apple’s certificate authority. This private key is kept absolutely secret, for obvious reasons. It is also updated over time to newer algorithms that protect it even more, and even rotated, so that if the key were compromised, the entire history of signed data would not be jeopardized.

Verifying the digital signature is one of the essential steps in the security of Apple devices. If, when the hash attached to a piece of code is decrypted with Apple’s public key, it does not match the hash computed from that code, the code is invalid and its execution is prevented.

When a signed program is distributed, the part that travels with it is the public key of the certificate. This part does not compromise security: it does not allow encryption (only decryption) and is used to decrypt the hash. Once decrypted, the hash of the data is computed and the two are compared. If they are the same, the data is correctly digitally signed by the authority that originally encrypted the hash with the private key.


What a jailbreak seeks is to circumvent that verification: to skip it. In this way, on a jailbroken device, even if the hash of a program does not match the one that was encrypted, or the program is not signed at all, the system will not check this and will let anything run on our device.

A jailbreak means skipping the validation that the programs being run carry a valid Apple digital signature, which opens our device to any program and, collaterally, leaves it unprotected against any malicious attempt to control it or obtain its information.

Properly speaking, and for safety, we should never jailbreak a device, as we would compromise its integrity by opening it to the execution of any software. With that, we have no guarantee that any app, tweak or pirated game has not been modified to install some kind of tracker in the system that sends what we type to some server, enables our cameras at will, extracts data thanks to free access to the file system, and many other dangers.

The T2, compromised by a method similar to the jailbreak of the iPhone or iPad

At the beginning of October, news was made public that derives from a discovery published in August about the security of the T2 chips, which control the security of the Macs launched in recent years. The T2 is a chip with its own operating system, called BridgeOS, that is in charge of data encryption and the secure boot of Macs, to prevent them from being compromised in a way similar to the iPhone or iPad.

We can’t forget that the T2 is based on the Apple Silicon A10 Fusion SoC, so it seems that some of the design errors that allow certain exploits against that SoC have been inherited by the T2 chips.


In August, the bug known as Blackbird was made public. It exploits a security flaw in all Apple chips up to the A11 Bionic that compromises the Secure Enclave and allows arbitrary (unsigned) code to be executed when the device is in Factory Recovery (DFU) mode. This bug is not a program loaded onto the Secure Enclave; it is a design flaw in the software that runs from the chip’s own ROM (its main program). That memory cannot be updated or overwritten (it is read-only), and the flaw is therefore unpatchable.

The Blackbird exploit takes advantage of a security flaw in the Secure Enclave of all Apple devices up to and including those with an A11 Bionic. It is a fault that cannot be corrected, because it is in code recorded in the chip’s read-only memory.

To this Secure Enclave failure we must add another exploit used to jailbreak devices: checkm8. It takes advantage of a fault in the boot process of the iPhone and iPad (in the BootROM). When the device checks that the operating system being booted is correctly signed by Apple, that check can be skipped and a modified system booted (one that does not verify any signature and is open). This is another error that affects all devices from the A5 (iPhone 4s) to the iPhone 8 or iPhone X with the A11 Bionic chip. It was made public in September of last year.

The sum of two exploits to attack the T2

As we have already discussed, the T2 is a variation of Apple’s A10 Fusion and shares these bugs. It has been shown that the combined use of Blackbird and checkm8 allows the chip to be compromised, and with it the security of the Macs that carry it.

It is a failure that cannot be fixed in any way, but on the other hand it requires physical access to the machine. These flaws cannot be exploited remotely in any way: an attacker must have the machine in hand to take advantage of the error and gain anything from the equipment.

What can be done, or what are the consequences? Devices (or even cables) could be created that, connected by USB-C when the computer starts, execute the exploits and basically take control of the machine: obtain root access and control or modify the system on any of the devices connected to it and configured (usually the storage), even if it is encrypted.

Both exploits, launched during machine startup from a device connected by USB-C (even a cable with a chip in its connectors), could allow the boot process to be modified, malicious software to be injected and the computer to be controlled.

However, accessing encrypted disks is not trivial if you use FileVault 2, because these exploits do not allow the key to be obtained. What can be launched is a brute-force attack that, given enough time, will find the machine’s key, like in the movies when someone plugs in a pendrive and waits for it to “do its magic.” What does prevent that attack is the application of the security delays that computers normally impose to deter such practices.


If control of the machine is taken and malicious software is installed at the administrator level, we could see the installation of, for example, RAT software (Remote Administration Tool) that could control our equipment, which is also an incipient danger. And stay calm: if the webcam is turned on, its light will always turn on, because in Macs the LED does not have an independent mechanism and is wired to the camera’s power line. So it is materially impossible to turn on the webcam without the LED turning on.

But hey … let’s calm down a bit.

The best thing we can do if we feel we may be in danger is not to leave our computer unattended, and to set a good FileVault password so that, at least, accessing the data is a little harder. As it is not an attack that can be carried out remotely, the danger is smaller, but these are the things we are always exposed to with technology, because no one is spared and nothing is 100% safe.

This information, however, is not without controversy, since even the security teams behind exploits on iOS doubt that this attack could really have been carried out, and whether we are not talking about a mere proof of concept or noise to gain media presence. We are not talking about the possibility of carrying out the attacks, which is very real; we are talking about whether there is a real exploit that takes advantage of it and poses a real danger. That is to say: the hole is there, but by itself it does nothing, and the question is whether someone has really managed to profit from these flaws.

If we think our computer might have been compromised, there is a partial solution: reinstall the BridgeOS system on the T2 chip, so that the attacker would have to compromise our equipment again. You can follow the instructions here. We can also check whether we have been attacked by verifying the integrity of the computer’s SMC data with this utility.

As Apple will completely change the boot and operating architecture of Macs with Apple Silicon, it is obvious that this exploit will not affect them in any way, although, I insist, that does not mean that in X time another fault will not be found and the cycle starts again. In security, we can never be 100% sure.