A new, supposedly unpatchable exploit found, for devices with the Secure Enclave chip. I know the old saying: "Macs don't get haxx" or viruses or etcs. But this seems pretty serious, maybe hold off - for people contemplating Apple?

Spoiler

Following devices come with SEC:

iPhone 5s and later
iPad (5th gen) and later
iPad Air (1st gen) and later
iPad mini 2 and later
iPad Pro
Mac computers with the T1 or T2 chip
Apple TV HD (4th gen) and later
Apple Watch Series 1 and later
HomePod

 

I never noticed this place so quiet.



Edit: Signed by Bill Gates

 

Last edited: Aug 3, 2020

This seems somewhat similar to Intel's (and AMD's version) "Intel Management Engine".
Needs physical access which I don't remember if it's mandatory for the Intel vulnerabilities.

This, like all sayings, is partially true and partially wrong. Talking only about Macs here, the reasons for having way less number of known malware/vulnerabilities:
1. There's way more Windows users than Mac ones
2. Mac software is way more tightly controlled

There're other reasons but most are related to the former two.
This doesn't mean Mac OS is less or more secure than Windows. If I had to guess I think Windows, if only for the old software compatibility, should be more prone to vulnerabilities. But I'm no expert about this.

Edited: googled the godamn Intel name

 

Last edited: Aug 3, 2020

Needs physical access.

Nobody touches my Macs but me. Bwahahahaha.

 

I think there are more crackers and exploiters on Windoze than OSX, explains software haxxorz. But this is mainly to warn people who are about to buy a Mac / whatever, that Apple have some fixing to do. It may be that hackers need physical access, but anyone running a studio? 8O

I kinda hope that Applers do this tbh, and go hackintosh. I think that nuking Macs from orbit might be a slight overreaction. But I hope they send the leftover bits to Cupertino, it's the least we can do?

 

Last edited: Aug 4, 2020

The voice of moderation...

 

I guessed you missed the 'This also means that hackers need to have physical access to the device in order to do obtain data.' part in the article about the exploit.

Which means in most cases the exploit is nowhere near as bad as it first sounds.

How hard is it to boot from a Windows install CD into a default install Windows laptop in comparison (where the system drive is not encrypted by default)?.....

 

I find the term "crackers" offensive to white people tbh.

however, the topic is kind of blessed - there are numerous of vulnerabilities in Apple's devices and systems, too many has been uncovered during the last few years so...

 

Remember Meltdown?
;)

 

the NUMBER ONE H4xX0r on APPLE is this guy
https://www.youtube.com/user/rossmanngroup/videos

 

I actually like that. At least some backdoor to recover your data from these stupid T1 and T2 protected machines.Because if this thing fails, all your Data = gone. And that's why I love Hackintoshes

 

PPBusG3hot all day! ;)

 

I'd hoped to hear something back from Applers, but I guess they've all (wisely) baked their motherboards in a microwave!

It's a bizarre decision to bake a security feature into hardware. There's arguably been one "success", so far. The rest is absolute, unfixable failure. In this case, studio owners can now be (potentially) held to ransom (ware) by anyone =(

Weird too, that Apple stopped using Intel chips because Meltdown / Spectre bugs. You'd think they'd have learned something! (AMD is the better option?)

 

You give me physical access to 88% of machines on this planet without 3rd party encryption and I will get your data. Until just recently Apple had the most secure data if you lost your device. This exploit just brings them down to same level as everyone else in computing; if you loose your device and the hacker is willing to destroy the device to get at the data inside of it they now have a way in.

So for 99.9999% of the people on this planet that have nothing worth stealing to begin with and don't loose their computers or phones on a Moscow subway on a weekly basis this exploit is about as meaningful as the thoughts and prayers offered by politicians whenever something terrible happens that they have no intention of actually fixing.

 

Apple have never said they moved from Intel due to those bugs anyway - much more that they control the whole ecosystem if they also make the CPUs for all their hardware.

 

I think because this exploit will only affect first time hardware buyers or idiots.
Most audio/visual types who have run their studio on older Apple hardware for 20 years are not about to change anything, plus we're not all stupid enough to ever invest in Apple hardware again! Especially when Hackintosh is the way if we really need to use Logic as a daw. And I hope that most made this decision within the last 10 years, due to all the fuckery they have thrown at us.

 

I love the analogy, but I guess (with practically all iPads and iPhones being affected) this is another thing to exploit that I hadn't thought of: just grab and run with any random iPhone and get all the victim's Apple Pay $ / miscellaneous credits as a bonus! Also, it just means physical access to the device, not the mobo or w/e.

Agreed. Apple have got a real issue here, and I think that any studio owners are going to have to wipe after every single session. If they haven't been ransomwar'd, so it's impossible? I have no idea, rly, if auto wipe / reinstall is possible to do easily?

 

Scaremongering much? Do PC studio owners who are almost guaranteed to have have zero encryption on their hard disks at all wipe every session?

The fact that by default OSX system drives are usually encrypted already gives Mac owners one more layer of protection than almost all PC owners in the first place.

You're clearly an Apple hater which is up to you but some of your comments on here are laughable quite frankly.

Oh yeah and most confirmed ransomware attacks this year have been on PC not Mac...

 

It is actually extremely easy to do with Time Machine and it comes with every mac. You can even automate the process to happen at a recusing time and interval of your choosing if you like. Extracting keys from the SEC T1 T2 will pretty much destroy the device as hacking the actual chip is not the same as an attack on the operating system (BTW my Pixel3 phone also has a T1 M chip that is vulnerable in the same exact way as iPhones, this isn't really an Apple only issue.)

I just don't see what real issue you are referring to. I like *nix machines and by extension I am somewhat partial to Apple products but I don't see how this affects studio owners at all. The biggest problem with this exploit is going to be phones and ipads as they are easy to loose and people are hesitant to brick them remotely which could give a hacker time to get the data on it.


So the process goes something like this...

get stolen device,
go to your work area open it up,
remove very small chip using soldering iron without frying it to insert jtag leads
haxorz the chip to get keys from flash RAM
If you have not fried the chip or MB you can now careful remove jtag leads and resolder it to MB
Use a boot drive that you have root access on take ownership of the volume you've just obtained the keys for by mounting it and taking ownership you now have access to the data physically stored on device or in icloud is mirrored onto that device.

If you fried the chip or the MB but successfully retrieved keys for data on the disk, you can mount it through a console and take ownership of the drive by providing the key and changing all the permissions, the system taking ownership has to be able to read and write APFS and APFS+.

This doesn't give you keychain access you will still have to know you AppleID's info because the passwords for your ID and Apple Pay and whatever else are still stored with SALT so you still have to provide the missing info if the device asks for it as authentication is not part of the default localized encryption daemon's scope.
​

It's all pretty heady stuff. Compare that to just plugging in a Linux Live CD USB key or Even worse portable KALI Linux on a USB key and having all that same information and more in less than 4 mins, without any of the soldering and futzing about with permissions. Also, there is no penetration path on OS X for Ransomware without people installing themselves from hacked installers from dubious torrent sites. Lets not make seem like any flavor of *nix is as easy to penetrate Windows which has always had multiple exploit vectors and users who willingly follow <CLICK HERE NOW> tags with UAC off to make matters even more fun.

What Pangu Team has done is superior work, hats off to them. What this will allow for usefully is make Jailbreaking iPhones and iPads to bypass Apps Store and other sundry things possible once it can be done through terminal or dev/root access.

Though the practical ramifications for the everyday hacker who is trying to steal your titty pics or dick pics and probably isn't willing to waste 6 hours on your device to get see what is inside are almost nill. The difference now though is that devices with hw level encryption that rely on Titan security co-processors are no longer bricks. This is the backdoor the FBI and other governments wanted from Apple for years and it's probably been in existence for a while as the FBI did pay some hacker team somewhere to crack some lunatic gunman's iphone that they had killed but wanted to see inside of the phone for leads into other extremists they had been in contact with. Apple wanted a warrant from a judge, etc... long story look it up if you are interested.


Long Story Short, it is kind of cool but unless you are using your Apple device as data vault and you are important enough to have data sensitive enough to need a vault this very cool and super creative exploit, which has probably existed for a long time and now has been release to the wild as Apple in no longer building excursively in China but also in India changes nothing except for very few very powerful people who perhaps can no longer take their secrets to the grave with them.

If you want to use any device as security vault please use 2 layer encryption with a third party layer. No encryption is perfect but 2 layer hw/sw 3rd party salted keys will make it very difficult for anyone to get to your data no matter which OS you are on.

 

Last edited: Aug 5, 2020

Whenever I've mentioned Unix, Applers have always been at pains to say "but.. BSD much different / moar secure etcs", which is pretty meaningless to me. The rest (software haxx) is likely just a matter of time, if not allready here. I think that the T1/T2 chips were supposed to mitigate against cold boot (etcs) haxx, which may not even be needed now. Or (necessarily) for iPhone / iPad.

I admit I don't use Apple - it's all largely guesswork to me - but I like smarter: Core audio is (was) a big draw. Compare ASIO; which some drunk idiot thought up. And the architechture in general. If not the company - walled-garden, decade-late hardware, decade-future-priced garbage. And now they're producing more chips in-house? ¯\_(ツ)_/¯

I think the warning (this topic) is to avoid complacency, epecially for studio owners; and iPhone / iPad owners who are never, ever complacent. And also maybe Scarlett Johannsen? I know she likes arguing about which compressor sounds most analog, hopefully stumbled across this.

Yeah, exactly! With an unfixable, exploitable security "feature" (bug) everyone should be concerned nao. I wouldn't buy anything Apple until they fix this feature (and introduce far moar exciting "features" in the process)! Hackintosh seems like the only way now.

I don't think we should concern ourselves with PC security; I've never heard anyone be complacent about the garbage security on PCs! Maybe Apple can proudly, triumphantly advertise "Apple: now as secure as a PC!"

Spoiler

But encryption is easily available everywhere, fairly trivial to bypass. I mean, that cold boot ("heady") stuff is only needed to get the key if the target is shutdown, trivial to get if the computer / phone is on / sleeping! And was supposed to be impossible because reasons (the vulnerable chips.)