The jailbreak could be weaponized by malicious hackers to disable macOS security features like System Integrity Protection and Secure Boot and install malware. PHOTOGRAPH: ALAMY
A RECENTLY RELEASED tool is letting anyone exploit an
unusual Mac vulnerability to bypass Apple's trusted T2
security chip and gain deep system access. The flaw is one
researchers have also been using for more than a year to
jailbreak older models of iPhones. But the fact that the T2
chip is vulnerable in the same way creates a new host of
potential threats. Worst of all, while Apple may be able to
slow down potential hackers, the flaw is ultimately
unfixable in every Mac that has a T2 inside.
In
general, the jailbreak community hasn't paid as much
attention to macOS and OS X as it has iOS, because they
don't have the same restrictions and walled gardens that are
built into Apple's mobile ecosystem. But the T2 chip,
launched in 2017, created some limitations and mysteries.
Apple added the chip as a trusted mechanism for securing
high-value features like encrypted data storage, Touch ID,
and Activation Lock, which works with Apple's "Find My"
services. But the T2 also contains a vulnerability, known as
Checkm8, that jailbreakers have already been exploiting in
Apple's A5 through A11 (2011 to 2017) mobile chipsets. Now
Checkra1n, the same group that developed the tool for iOS,
has released support for T2 bypass.
On Macs, the
jailbreak allows researchers to probe the T2 chip and
explore its security features. It can even be used to run
Linux on the T2 or play Doom on a MacBook Pro's Touch Bar.
The jailbreak could also be weaponized by malicious hackers,
though, to disable macOS security features like System
Integrity Protection and Secure Boot and install malware.
Combined with another T2 vulnerability that was publicly
disclosed in July by the Chinese security research and
jailbreaking group Pangu Team, the jailbreak could also
potentially be used to obtain FileVault encryption keys and
to decrypt user data. The vulnerability is unpatchable,
because the flaw is in low-level, unchangeable code for
hardware.
"The T2 is meant to be this little
secure black box in Macs—a computer inside your computer,
handling things like Lost Mode enforcement, integrity
checking, and other privileged duties," says Will Strafach,
a longtime iOS researcher and creator of the Guardian
Firewall app for iOS. "So the significance is that this chip
was supposed to be harder to compromise—but now it's been
done."
Apple did not respond to WIRED's requests
for comment.
There are a
few important limitations of the jailbreak, though, that
keep this from being a full-blown security crisis. The first
is that an attacker would need physical access to target
devices in order to exploit them. The tool can only run off
of another device over USB. This means hackers can't
remotely mass-infect every Mac that has a T2 chip. An
attacker could jailbreak a target device and then disappear,
but the compromise isn't "persistent"; it ends when the T2
chip is rebooted. The Checkra1n researchers do caution,
though, that the T2 chip itself doesn't reboot every time
the device does. To be certain that a Mac hasn't been
compromised by the jailbreak, the T2 chip must be fully
restored to Apple's defaults. Finally, the jailbreak doesn't
give an attacker instant access to a target's encrypted
data. It could allow hackers to install keyloggers or other
malware that could later grab the decryption keys, or it
could make it easier to brute-force them, but Checkra1n
isn't a silver bullet.
"There are plenty of other
vulnerabilities, including remote ones that undoubtedly have
more impact on security," a Checkra1n team member tweeted on
Tuesday.
In a discussion with WIRED, the
Checkra1n researchers added that they see the jailbreak as a
necessary tool for transparency about T2. "It’s a unique
chip, and it has differences from iPhones, so having open
access is useful to understand it at a deeper level," a
group member said. "It was a complete black box before, and
we are now able to look into it and figure out how it works
for security research."
The exploit also comes as
little surprise; it's been apparent since the original
Checkm8 discovery last year that the T2 chip was also
vulnerable in the same way. And researchers point out that
while the T2 chip debuted in 2017 in top-tier iMacs, it only
recently rolled out across the entire Mac line. Older Macs
with a T1 chip are unaffected. Still, the finding is
significant because it undermines a crucial security feature
of newer Macs.
Jailbreaking has long been a gray
area because of this tension. It gives users freedom to
install and modify whatever they want on their devices, but
it is achieved by exploiting vulnerabilities in Apple's
code. Hobbyists and researchers use jailbreaks in
constructive ways, including to conduct more security
testing and potentially help Apple fix more bugs, but
there's always the chance that attackers could weaponize
jailbreaks for harm.
"I had already assumed that
since T2 was vulnerable to Checkm8, it was toast," says
Patrick Wardle, an Apple security researcher at the
enterprise management firm Jamf and a former NSA researcher.
"There really isn't much that Apple can do to fix it. It's
not the end of the world, but this chip, which was supposed
to provide all this extra security, is now pretty much
moot."
Wardle points out that for companies that
manage their devices using Apple's Activation Lock and Find
My features, the jailbreak could be particularly problematic
both in terms of possible device theft and other insider
threats. And he notes that the jailbreak tool could be a
valuable jumping-off point for attackers looking to take a
shortcut to developing potentially powerful attacks. "You
likely could weaponize this and create a lovely in-memory
implant that, by design, disappears on reboot," he says.
This means that the malware would run without leaving a
trace on the hard drive and would be difficult for victims
to track down.
The situation raises much deeper
issues, though, with the basic approach of using a special,
trusted chip to secure other processes. Beyond Apple's T2,
numerous other tech vendors have tried this approach and had
their secure enclaves defeated, including Intel, Cisco, and
Samsung.
"Building in hardware 'security'
mechanisms is just always a double-edged sword," says Ang
Cui, founder of the embedded device security firm Red
Balloon. "If an attacker is able to own the secure hardware
mechanism, the defender usually loses more than they would
have if they had built no hardware. It's a smart design in
theory, but in the real world it usually backfires."
In
this case, you'd likely have to be a very high-value target
to register any real alarm. But hardware-based security
measures do create a single point of failure that the most
important data and systems rely on. Even if the Checkra1n
jailbreak doesn't provide unlimited access for attackers, it
gives them more than anyone would want.
COURTESY OF TAKE-TWO INTERACTIVE
BOTH THE ORIGINAL, 2002 version of Mafia and the recently
released Mafia: Definitive Edition begin with a familiar
framing device. The game’s protagonist, a cookie-cutter
Italian American mafioso named Tommy Angelo, heads to a
diner and sits down with a police detective to relate the
story of how he became a key player in a fictional 1930s mob
family—and why he now wants out.
As Tommy
introduces us to the Salieri family and describes his
years-long climb up its ranks, the player is reminded of Ray
Liotta’s Goodfellas narrator, Robert De Niro’s Casino
voiceover, or any sundry Scorsese-influenced crime movie,
from Lock, Stock, and Two Smoking Barrels to Road to
Perdition, Layer Cake, and Lawless.
The rest of the game is equally reminiscent of mob movies
players will likely have seen before. Its aesthetic
references are Prohibition-era Chicago, abstracted here as
the city of Lost Heaven, but, even within that framework, we
get a sort of greatest hits of every gangster film beat.
Tommy
is captivated by the excitement and glamor of finally making
good money. His pals Paulie and Sam show him the ropes of a
job that involves everything from debt collecting and
bootlegging to carrying out hits and surviving ambushes. He
gets married and moves into a nice house. He ends up
disillusioned by the violence and danger of the mob and, in
the frame story, decides to leave the business. It’s even
noted at one point that he overcame a drinking problem after
joining the mob, a cursory bit of backstory briefly
mentioned perhaps to make sure another genre trope got its
due.
It isn’t that the game doesn’t fare well in
its remaster on a moment-to-moment basis. In place of the
original’s clunky controls, stiff character models, and flat
cityscape, the new version features much improved driving
and gun-fighting and wonderfully emotive faces. The game
also features early 20th century urban landscapes that
enhance the drama of tense conversations and the joy of
traversing Lost Heaven’s streets.
Definitive
Edition’s problems, however, are thornier ones than
surface-level complaints. They’re related to the wisdom of remakes
and remasters as a whole. Everything that happens to Tommy
and the Salieri family is something we’ve seen before. This
was also the case in 2002, but now, 18 years later, going
through Definitive Edition’s remade version of the same plot
forces the question: Why, exactly, does Mafia’s story need
to be retold for a modern audience at all?
While revisiting the welcomingly straightforward, fluff-free
mission design of a 2002 open world game is enjoyable, the
2020 Mafia can’t overcome the fact that it’s ultimately a
mobster game that replicates a plot first written nearly two
decades ago. In the time since the original’s release, the
genre has changed enormously. We’ve seen The Sopranos end,
wrapping up a landmark examination of the mafia through the
stacked lenses of class, race, sexuality, and turn of the
millennium American culture. We’ve seen crime movies like
Ridley Scott’s American Gangster and Nicolas Winding Refn’s
Bronson explore the effects of the drug war and economic
disenfranchisement and the drive to violence itself. Martin
Scorsese seemingly bid farewell to the genre with last
year’s The Irishman, a sprawling send-off that used the life
of Bufalino family and Jimmy Hoffa associate Frank Sheeran
as the framework for a powerful (and powerfully depressing)
look at American crime, politics, and masculinity. Even the
era Mafia is set within—the United States’ volatile
1930s—has been explored in depth over seasons of Boardwalk
Empire and in movies like Michael Mann’s Public Enemies.
In
light of this, even a gussied-up version of Mafia feels
archaic and tired—yet another mob story in the
post-Godfather mold, set apart mostly by its almost total
lack of interest in women as characters, its cartoonish wise
guy voice acting, and its devotion to replicating genre
tropes without either skepticism or much of any insight.
If
the original story was bold or thoughtful enough to make a
greater impact on its genre—if it inspired rather than took
inspiration from other sources—it might be easier to ignore
that Definitive Edition is a game that’s preserved in early
’00s amber. But its total adherence to what was already
cliché 18 years ago means it feels even more hopelessly out
of step in the current day.
The peril of such
direct reference to other media is on full display in the
remade Mafia. It forces players who come to the game for
reasons other than to wade around in nostalgia to ask what
there is to take away from the experience other than a bit
of idle distraction. At the end of the game, Tommy has
learned the decidedly unrevelatory lesson that crime doesn’t
pay—that mafia families aren’t the same as real families and
that a life of violence and material excess has a way of
catching up to people in the end. The audience, having seen
these same themes moved beyond (or handled more capably) in
other mob stories, isn’t likely to be blown away.
Barring remakes and remasters, the most recent Mafia game to
come from Definitive Edition developer Hangar 13 is 2016’s
Mafia III—the story of a Black Vietnam veteran who returns
to his home in a fictionalized version of 1960s Louisiana to
take revenge on rival mobsters and, along the way, try to
dismantle the white supremacist systems that control his
city. In III, we see a different, more relevant version of
the mob story, one that looked not to Coppola and Scorsese
movies, but to ’60s and ’70s Blaxploitation films as
inspiration for a crime game about the tragic proximity of
decades-old systemic racism to the modern day. Mafia III
felt vital. It felt like more than another crime game.
This
sort of precedent makes it exciting to imagine Hangar 13
exploring a mafia or crime story that isn’t bound to aged
material—to think of what the studio could do with a story
that acknowledges where the genre has gone over the last 18
years and that looks to contemporary American society for
inspiration as to the themes it wants to explore. Instead,
for now at least, the series remains stuck in the past. It’s
not that Mafia: Definitive Edition is a bad game, per se.
It’s just one that feels in so many ways like we’ve played
through it too many times before.
ILLUSTRATION: MOJO WANG
DURING HER TWITCH show Church of the Infinite You, rapper
Jean Grae delivers sermons that could uplift pretty much
anyone, regardless of their religious or spiritual beliefs.
“If I can remind someone to keep pursuing a dream, to get
toxic people out of their life, or to embrace who they are,
I’m happy,” Grae explains.
Oliver Blank, an
artist in Oakland, California, discovered Grae’s show during
quarantine. “I was isolated in my apartment and I wanted to
find an intentional, hopeful community,” Blank says. The
show helped ease Blank’s loneliness and also illuminated how
online spaces like YouTube Live, IGTV, and Twitch can be
more than virtual distractions—they can be sources of
legitimate human connection.
From crumbling
relationships and job loss to death, illness, and increased
overall stress, the pandemic has triggered what feels like
an avalanche of suffering. “We’re all facing loss,” says
Abigail Levinson Marks, a psychologist in San Francisco who
specializes in grief. Covid-19 hasn’t just taken the lives
of nearly 1 million people worldwide; it’s also resulted in
missed career opportunities and derailed our sense of
security. Left unaddressed, grief can morph into depression,
anxiety, or post-traumatic stress disorder, which makes
finding a supportive community essential for our
well-being.
Support groups, therapy groups, and
wellness retreats are ways to connect with those who share
similar struggles. But in the current absence of in-person
outlets, people are increasingly looking for support online,
says Claire Bidwell Smith, a grief expert and author of
Anxiety: The Missing Stage of Grief.
For Blank,
the pandemic altered his career plans, but it also opened a
new opportunity. Earlier this year, he planned to turn his
art project The One Who Got Away into a museum exhibit. His
project, which was featured in 2014 on the PBS show The Art
Assignment and later became a podcast, invites people to
answer the question “What would you say to the one who got
away?”
Due to museum closures, Blank’s exhibit
was sidelined. But his recent interest in Twitch led him to
transform The One Who Got Away into a live call-in show on
the streaming site. “We all have a missed connection, lost
love, or a lost opportunity that got away from us. The show
is a space where we can reflect on these feelings and set
aside time to grieve,” he explains, noting that people who
call into the show can share anything they’d like to say to
their “one who got away.” Since 2014, Blank has received
thousands of messages from callers around the world, and he
plays those older messages too.
In one message, a
caller laments, “Regrets are scars we carry forever. My scar
is a reminder to do better next time.” Another person
shared, “Friendship is not an easy thing. I’m sorry for
disregarding you.” Afterward, Blank mentions that most of us
have probably experienced this feeling of regret. He says,
“Take a step and reach out. It’s OK if you missed your
chance. The trick is learning how to carry your truth.”
If
you’re searching for an online community, Blank says the
first step is to decide what type of support you need.
Often, people long to meet others who are going through a
similar experience, such as a break-up, a mental health
struggle like depression, or the death of a loved one.
Others may need a safe space to discuss dysfunctional family
relationships or issues related to race, gender, or
sexuality.
If you’d like to find Twitch shows
similar to Church of the Infinite You and The One Who Got
Away, tap on the Discover icon and search under categories
like Talk Shows and Podcasts or Just Chatting. You can also
find support on YouTube Live, Instagram, and pretty much any
social media outlet. For instance, on IG, The Sad Girls Club
provides people of color a safe space to candidly discuss
mental health concerns. Inspiring mantras, such as “Nothing
ever leaves us until it teaches us what we need to know,” as
well as journal prompts like “I need to forgive myself for
…” are shared.
Whatever type of support you’re
looking for, it’s crucial to feel safe. “The downside of
online grieving is when someone feels judged or criticized
for their grief process,” she says. While public displays of
mourning can thread communities together, they also present
an opportunity for “grief shaming,” which is harmful.
Finally,
if you can’t find the right group, consider starting your
own. To start streaming on Twitch, you’ll need a webcam,
your computer, and some free software. For IG Live, you’ll
need a microphone and a selfie stick or tripod to hold your
phone. If you’re looking for something simpler, Zoom may be
a good choice.
Once you choose a platform, decide
what purpose the group serves. Perhaps you want to discuss
pandemic-induced anxiety or use a shared activity, such as
painting or drawing, to invoke healing. Unless you’re a
licensed therapist, be sure to mention that you’re offering
a peer support group and spell out the ground rules for
attendees, such as maintaining confidentiality, responding
to group members with kindness, and refraining from shaming
and judging others.
During quarantine, music
lover Damon Ferrara missed seeing his favorite bands perform
and spending time with family and friends. As a solution, he
started The Listening Club, an online community held via
Zoom. “During each meeting, we listen to songs such as
‘Death by a Thousand Cuts,’ by Taylor Swift, and ‘Life is
Sweet,’ by Natalie Merchant,” says Ferrara.
The
songs’ lyrics prompt vulnerability in a “very easy way,”
says Ferrara. Themes of self-love, authenticity, and
forgiveness have emerged, he says. His group is open to any
music lover looking for meaningful conversations and new
friends.
“One of grief’s biggest hurdles is feeling like no one
understands our pain,” says Levinson Marks, and this can
keep us stuck. A big part of grief work is getting past this
feeling. “When another person says, ‘I feel that way too,’
it helps us realize we’re not alone.”