After revealing that it has found a way to take over the security chip on modern Macs, the T2 utilization team has now shown that it can do so without user intervention by using a modified USB-C cable.
Members of the ad hoc team are called Team t8012, which is a reference to Apple’s own internal name for the T2 security chip that the company has incorporated in all units since 2018.
In addition to showcasing its new USB-C Debug Probe now available for pre-order, the T2 team has also released a video showing exactly how it is capable of taking over Apple’s Mac computers. The video shows a team member plugging a USB-C cable into a Mac and running control on it.
The target machine goes to a black screen while a connected computer indicates that the operation was performed. However, another computer is not required for this attack, as it is performed using a chip inside the modified USB-C cable. The T2 team also released a new video showing how it managed to change the famous white Apple logo that was seen during startup.
USB-C troubleshooting probe
In a blog post titled “Plug̵
By making a special equipment the size of a power charger, we can place a T2 in DFU mode, run checkra1n, replace EFI and upload a key logger to capture all keys. This is possible even if macOS has not been changed (the logo at startup is for effect, but does not need to be done). This is because the keyboard in Mac laptops is directly connected to the T2 and forwarded to macOS. ”
9To5MacBen Lovejoy spoke with Team t8012’s Rick Mark who explained to him that he decided to participate in the T2 survey, as he thought it was possible to take over a Mac, and that the same methods used by the T2 exploitation team could already be in use in the wilderness.
Although an attacker needs physical access to a Mac computer to compromise security using a modified USB-C cable, Mark suspects that nation states and possibly even organized crime are already using this method of targeted attacks.
Team T2’s USB-C Debug Probe is currently available for pre-order for only $ 49.99, and we’ll probably hear more when it’s in the hands of security researchers who can confirm its full potential.