T2 exploit team demos a cable that hacks Mac w/o user action
The T2 exploit team who found a way to take over the security chip in modern Macs has demonstrated a way to do so without user intervention — using nothing more than a modified USB-C cable.
The ad-hoc team, who call themselves Team t8012 after Apple’s internal name for the chip, believe that nation-states may already be using this approach.
We recently reported that it could be done.
Speculation that the T2 security chip on modern Macs can be hacked has been confirmed by the team behind the research. A combination of two different exploits would give a hacker the ability to modify the behavior of the chip, and even plant malware like a keylogger inside it.
All Macs sold since 2018 contain the T2 chip, and because the attack uses code in the read-only memory section of the chip, there is no way for Apple to patch it.
The attack involves using two exploits used to jailbreak iPhones. The reason they can also be used on Macs is because the T2 security chip is based on the A10 chip used in older iPhones.
The team has now provided a practical demonstration. A video shows them plugging a USB-C cable into a Mac, and checkra1n being run. The target machine goes to a black screen while the connected computer confirms that it was successfully executed. Note that the connected computer is only verifying the success of the operation — the attack is performed using nothing more than a chip in the cable.