Passware, a password recovery service, says that it has discovered a new security vulnerability in the T2 chip of  Intel-based Macs that enables it to crack passwords. Apple’s T2 Security Chip is the company’s second-gen, custom silicon for Mac. It allows for encrypted storage and secure boot capabilities, as well as security for Touch ID data.

What is a T2 Security Chip?

Apple’s T2 Security Chip validates the entire boot process by checking if the bootloader and operating system are signed and approved by the company, thus ensuring a secure boot. It prohibits third parties from booting an unsigned operating system and, in turn, blocks unauthorized access to your data. The chip houses an SSD controller as well as a crypto engine which are used to decrypt and encrypt data instantaneously.

Here’s the list of Macs with T2 Security Chips:

• iMac (Retina 5K, 27-inch, 2020)
• iMac Pro
• Mac Pro (2019)
• Mac Pro (Rack, 2019)
• Mac mini (2018)
• MacBook Air (Retina, 13-inch, 2020)
• MacBook Air (Retina, 13-inch, 2019)
• MacBook Air (Retina, 13-inch, 2018)
• MacBook Pro (13-inch, 2020, Two Thunderbolt 3 ports)
• MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports)
• MacBook Pro (16-inch, 2019)
• MacBook Pro (13-inch, 2019, Two Thunderbolt 3 ports)
• MacBook Pro (15-inch, 2019)
• MacBook Pro (13-inch, 2019, Four Thunderbolt 3 ports)
• MacBook Pro (15-inch, 2018)
• MacBook Pro (13-inch, 2018, Four Thunderbolt 3 ports)

Passware Can Take Advantage of T2 Mac’s Security Vulnerability

The Passware Kit Forensic locates all password-protected items on a computer and decrypts them. It can work with over 300 file types and operates in batch mode to recover passwords. Passwords that cannot be recovered instantly are run through Dictionary and Brute-Force methods. The software comes with a new Mac T2 decryption add-on which recovers passwords for Macs with Apple T2 Security Chips.

Carrying out brute-force attacks on T2 Macs was deemed impractical since the T2 chip imposes a limit on the number of password attempts. The only way around it would be to brute-force the decryption key instead, which would take millions of years, owing to its sheer length. 9to5Mac notes that Passware appears to have found a way to bypass the features that prevent multiple guesses. After breaking through the first layer of security, users can apply the dictionary of their choice. Passware supplies a dictionary with 550,000 commonly-used passwords that have been exposed via multiple data breaches and a bigger one comprising 10 billion passwords.

The Passware Kit Forensic does not work remotely, it will need physical access to your Mac. This vulnerability doesn’t affect Macs without T2 chips and Apple silicon-based models. The company says that the module is only available for government organizations and law enforcement.

 [Via 9to5Mac]