Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone (techcrunch.com)

← Back to Stories (view on slashdot.org)

Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone (techcrunch.com)

Posted by BeauHD on Tuesday October 30, 2018 @10:03AM from the safety-first dept.

An anonymous reader quotes a report from TechCrunch: Buried in Apple's latest range of MacBooks -- including the MacBook Pro out earlier this year and the just-announced MacBook Air -- is the new T2 security chip, which helps protect the device's encryption keys, storage, fingerprint data and secure boot features. Little was known about the chip until today. According to its newest published security guide, the chip comes with a hardware microphone disconnect feature that physically cuts the device's microphone from the rest of the hardware whenever the lid is closed. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed," said the support guide. The camera isn't disconnected, however, because its "field of view is completely obstructed with the lid closed." Apple said the new feature adds a "never before seen" level of security for its Macs, without being quite so blunt as to say: Macs get malware too.

84 of 145 comments (clear)

Min score:

Reason:

Sort:

T2 chip? by b0s0z0ku · 2018-10-30 10:06 · Score: 2

Is the T2 chip really needed to implement a simple hardware disconnect? Also, is this terribly useful anyway, because hackers can still eavesdrop with the lid open? (99% of the time, the computer will be asleep or off with the lid closed anyway.)
1. Re:T2 chip? by b0s0z0ku · 2018-10-30 10:10 · Score: 2
  
  No. We don't need a lockdown chip aka modern version of the Clipper Chip polluting our hardware.
2. Re:T2 chip? by msauve · 2018-10-30 10:20 · Score: 1
  
  Yep. No need for some special "T2" chip - all (?) laptops have a lid switch, and stopping an analog signal based on it being closed isn't high tech.
  
  Next week, we'll hear of some security flaw which allows evildoers to listen in based on fluctuations in SSD access times, or some such.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
3. Re:T2 chip? by Rick+Schumann · 2018-10-30 10:27 · Score: 3, Insightful
  
  Is the T2 chip really needed to implement a simple hardware disconnect?
  No, but since it must be a totally proprietary ASIC, they threw in an analog switch, tied it's enable line to the state of the lid switch, and routed the microphone signal through the analog switch, then provide a 'MIC_OUT' pin to go to whatever handles audio.
4. Re: T2 chip? by GrahamJ · 2018-10-30 10:58 · Score: 1
  
  The wheel is pretty easy to implement too.
5. Re:T2 chip? by Anonymous Coward · 2018-10-30 11:08 · Score: 1
  
  Yes I agree this is its actual purpose is to keep you from soldering your own chips on your motherboard or changing components out you don't like or tinkering. They are trying to change the paradigm of you don't own your own hardware you bought yourself. Just like John Deere and the Auto companies are keeping you from modding your vehicles or repairing our own tractor. Apple is ushering in a new era of we own your hardware. They will go after people now if you circumvent this device.
6. Re:T2 chip? by GerryGilmore · 2018-10-30 11:08 · Score: 1
  
  Given the additional functionality this thing provides (as you said, the mic disable thing is pretty easy), I would be surprised if it's pure ASIC, though some of the ASICs available now are pretty complex. I was thinking it was some kind of minimalist CPU with embedded RAM, etc. It would be interesting to know the provider...
7. Re: T2 chip? by msauve · 2018-10-30 11:26 · Score: 1
  
  If the thunder don't get you then the lightning will.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
8. Re:T2 chip? by Cmdln+Daco · 2018-10-30 11:33 · Score: 1
  
  How much do you want to bet it will also be used as a Hackintosh Defeat Device?
9. Re:T2 chip? by Anonymous Coward · 2018-10-30 11:37 · Score: 2, Interesting
  
  It 100% is that. Some future version of macOS will drop support for all Macs without these chips. Why else put one in the Mac mini? What purpose does that serve? Once they do that: no more Hackintoshes as you can guarantee that the kernel will be encrypted using a key that only these "security" chips can decrypt, and the decrypted kernel image will be locked away from all user code.
10. Re:T2 chip? by jcr · 2018-10-30 12:10 · Score: 3, Informative
  
  No, its primary purpose is to store your fingerprint and encryption key data securely. Google "Apple Secure Enclave" and read all about it.
  -jcr
  
  --
  The only title of honor that a tyrant can grant is "Enemy of the State."
11. Re: T2 chip? by rworne · 2018-10-30 12:38 · Score: 1
  
  Unfortunately, we are not talking about or thunderbolt or lightning ports. The cameras on all modern Macs are USB devices.
  
  --
  I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
12. Re:T2 chip? by bonedonut · 2018-10-30 12:43 · Score: 1
  
  So how long until this chip wants to find Sarah Conner?
13. Re: T2 chip? by msauve · 2018-10-30 13:21 · Score: 1
  
  "we are not talking about or thunderbolt or lightning ports. "
  
  Please state your confusion in the form of a coherent question.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
14. Re:T2 chip? by postbigbang · 2018-10-30 14:15 · Score: 2
  
  This may well be the intention. The day of the hackintosh seems almost over anyway. There is sufficient bloat in macOS that it rivals Windows 10, although without so many phone-homes and in-your-face ads.
  The Mac is only barely more immune from hacking and malware than Windoze. Even Linux and ?BSDs are having their own problems. I'm not sure the hacks needed to do a Mac clone are worth the trouble. There are a few features that I personally like in High Sierra+, but it's not worth the trouble. My need for encryption is less than most people's. Encrypting a 'home' directory seems a waste of time, given the possible trouble.
  
  --
  ---- Teach Peace. It's Cheaper Than War.
15. Re:T2 chip? by TheFakeTimCook · 2018-10-30 15:23 · Score: 2
  
  Is the T2 chip really needed to implement a simple hardware disconnect? Also, is this terribly useful anyway, because hackers can still eavesdrop with the lid open? (99% of the time, the computer will be asleep or off with the lid closed anyway.)
  No.
  The T2 chip does a BUNCH of stuff. This was something that took two dedicated pins/pads and a single transistor in the chip.
  Why not?
16. Re:T2 chip? by TheFakeTimCook · 2018-10-30 15:23 · Score: 1
  
  No. We don't need a lockdown chip aka modern version of the Clipper Chip polluting our hardware.
  This is NOTHING like the Clipper Chip.
17. Re:T2 chip? by TheFakeTimCook · 2018-10-30 15:25 · Score: 1
  
  Is the T2 chip really needed to implement a simple hardware disconnect?
  No, but since it must be a totally proprietary ASIC, they threw in an analog switch, tied it's enable line to the state of the lid switch, and routed the microphone signal through the analog switch, then provide a 'MIC_OUT' pin to go to whatever handles audio.
  Exactly. Took 5 minutes of engineering time, max.
18. Re:T2 chip? by TheFakeTimCook · 2018-10-30 15:26 · Score: 1
  
  Given the additional functionality this thing provides (as you said, the mic disable thing is pretty easy), I would be surprised if it's pure ASIC, though some of the ASICs available now are pretty complex. I was thinking it was some kind of minimalist CPU with embedded RAM, etc. It would be interesting to know the provider...
  That's easy: Apple.
  They have been designing custom silicon since the Apple ][ days. Seriously.
19. Re:T2 chip? by TheFakeTimCook · 2018-10-30 15:28 · Score: 1
  
  It's also in charge of making sure that if you ever attempt to repair it, it won't boot until you pay Apple for the privilege.
  Prove it.
20. Re:T2 chip? by TheFakeTimCook · 2018-10-30 15:48 · Score: 2
  
  It 100% is that. Some future version of macOS will drop support for all Macs without these chips. Why else put one in the Mac mini? What purpose does that serve? Once they do that: no more Hackintoshes as you can guarantee that the kernel will be encrypted using a key that only these "security" chips can decrypt, and the decrypted kernel image will be locked away from all user code.
  It does audio processing, transparent SSD encryption, and bunch of other system stuff that applies to both desktop and mobile Macs. In fact, the first Mac with a T2 chip was the 2017 iMac Pro.
  And if you knew any history, you'd know that Apple had the PERFECT opportunity to put a Hardware Lock on OS X/macOS. The first Intel Macs, which were LOANED to Developers for about a year, while Apple cranked out the first Production Macs, were nothing more than a modified G5 Tower case with an Intel Motherboard inside.
  What's important about that? That mobo had a TPC chip, which Apple EASILY could have written a quick driver-for.
  But they never did, and except for I believe the first "real" Intel Mac, the TPC was dropped from the circuitry.
  IMHO, Apple sees the Hackintosh community as an interesting way to gauge how many people are willing to put up with the hassle of getting drivers to work, worrying about Upgrades breaking things, etc., just to have what Apple is not currently providing. The entire Hackintosh community is little more than a rounding-error when it comes to "lost sales".
  But I also believe that if that percentage started to grow, at some point, Apple would make a decision whether to integrate common Hackintosh features into a Product, continue to "wait-and-see", or risk the ill-will of getting dickish with hardware-lock-in for the OS.
  But it has been almost 20 years of OS X, and 15 years of Intel Macs, and it hasn't happened yet. So I wouldn't worry.
21. Re:T2 chip? by TheFakeTimCook · 2018-10-30 15:55 · Score: 2
  
  The Mac is only barely more immune from hacking and malware than Windoze.
  That is demonstrably untrue.
22. Re:T2 chip? by TheFakeTimCook · 2018-10-30 16:06 · Score: 1
  
  No, its primary purpose is to store your fingerprint and encryption key data securely. Google "Apple Secure Enclave" and read all about it.
  -jcr
  Exactly.
23. Re: T2 chip? by arglebargle_xiv · 2018-10-30 18:12 · Score: 1
  
  I didn't know T2 came in chip form, usually it's either loose-leaf or in small packets.
24. Re: T2 chip? by gnasher719 · 2018-10-30 19:57 · Score: 1
  
  Actually, there is a chip in every Mac containing a 64 bit code that is needed during the boot process. Easy to get around. Just enough to invoke the DMCA against any Hackintosh user - if Apple wanted to.
25. Re: T2 chip? by Hallux-F-Sinister · 2018-10-30 20:08 · Score: 1
  
  The T2 is found directly between the T1 and T3, and counting down from the base of the skull, it is the 9th vertebra. It serves as the anchor point for your second rib on your posterior side, which in turn connects anteriorly with your sternum at the sternal angle, (where the manubrium, or upper part of the sternum, meets the sternal body, (a.k.a. your breast bone,) around the front side of your thorax).
  (Okay, I might have had to reach for the old anatomy textbook for SOME of that information...)
  
  --
  Our reign has gone on long enough. Indeed. Summon the meteors.
26. Re:T2 chip? by Hallux-F-Sinister · 2018-10-30 20:41 · Score: 1
  
  The Mac is only barely more immune from hacking and malware than Windoze.
  That is demonstrably untrue.
  But in which direction? Are you asserting that the Mac* is no more immune to hackers and malware than a M$ Windows computer, or that it is FAR more? Can you substantiate your claim?
  * By "Mac," I think we must agree because of the role the user plays as a sysadmin, that it's pointless because without qualification the word is functionally meaningless, to talk about a Mac generically. For the purposes of this discussion, I think we should limit the meaning of the word "Mac" to mean an Apple, Inc., built, offered for retail sale computer as part of the Mac line, (i.e., iMacs, Trash-Can Mac Pros, Mac Minis, and all variants of MacBook,) running a cleanly (or factory) installed copy of the latest version of macOS, which at any given time is the current version, that the "rootless" feature, or System Integrity Protection is and has always been enabled, that the "Allow apps downloaded from:" security settings has never been set to anything but "App Store" only, that firewall is enabled, that automatic updates is selected, and that all this was so BEFORE it was ever connected to the internet, and has remained so ever since. Therefore, excluded would be any Mac running any previous version of OS X or macOS, any Mac which has any updates that have ever not been immediately applied, any Mac on which any software NOT from Apple has ever been run, any "vintage" Mac that cannot run (or is not running) the latest stable/production release of the OS, and obviously any "Hackintosh" computers. Any Mac connected to the internet BEFORE all the security settings were selected must be excluded, which kind of means that MOST Macs would be excluded, since you'd have to connect yours TO the internet TO download security updates, meaning if you DID need an update right after you bought it... you'd have HAD to connect it to the internet BEFORE it was fully patched and up-to-date... (oops! that can't be counted,) and also any Mac for which you are not the first owner, as you can't prove what happened to it BEFORE you got it, and also any Mac which you've let any other people use under your login, or whom you have provided with their own login account on your machine, who was then allowed to use it (not completely supervised and observed,) by you. So honestly, there really aren't NEARLY as many Mac computers out there to make this comparison with as you might think or expect.
  Obviously, any Mac running Bootcamp must also be excluded, at least when NOT booted into macOS.
  What if instead of malware, we had MalWear? MalWear is something you can buy at a store (also called MalWear, or something similar,) which stocks war-surplus Independent Browncoats, guns that look like they should go "bang-bang" but instead go "pew-pew" or "zzaouuuu," and of course vaguely futuristic-looking yet simultaneously old-timey western-wear like what Captain Malcolm "Mal" Reynolds wears in the sci-fi/old-west series, "Firefly" (and of course, the film "Serenity"). I wouldn't mind having some of THAT kind of MalWear. I actually toyed with the idea of buying one of the jackets, but... guess I'm not enough of a Browncoat myself, after all. (I was raised on an Alliance world, (Earth that Was,) after all. It kind of spoils you.)
  
  --
  Our reign has gone on long enough. Indeed. Summon the meteors.
27. Re: T2 chip? by arglebargle_xiv · 2018-10-30 21:08 · Score: 1
  
  As long as Apple don't ship the T-800 we should be OK.
28. Re:T2 chip? by AmiMoJo · 2018-10-30 23:06 · Score: 1
  
  Not really, these days most of the attacks are on web browsers and the the same ones run on MacOS as on every other system. The only real differences are the level of protection that the OS provides (e.g. sandboxing) and how easy it is to manipulate the UI to confuse the user.
  MacOS doesn't seem to be significantly better in these regards. It's had it's fair share of gaffes too, such as allowing Unicode bidirectional markers in file names.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
29. Re:T2 chip? by thegarbz · 2018-10-30 23:18 · Score: 1
  
  They should have dedicated an entire separate computer to the task of switching off audio. Clearly they still haven't made it complicated enough yet.
30. Re: T2 chip? by MachineShedFred · 2018-10-30 23:38 · Score: 1
  
  Any system with remote management features made in the last decade have ways of being woken up remotely. Wake-on-LAN, vPro / AMT, etc
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
31. Re: T2 chip? by mSparks43 · 2018-10-30 23:44 · Score: 1
  
  for a minute there i thought they were going to stop the baseband processor being used to remotely listen on iphones. silly me.
32. Re:T2 chip? by jcr · 2018-10-31 02:17 · Score: 1
  
  You'll believe whatever you want to, but fuck you for calling me a liar.
  -jcr
  
  --
  The only title of honor that a tyrant can grant is "Enemy of the State."
33. Re: T2 chip? by TheFakeTimCook · 2018-10-31 03:35 · Score: 1
  
  Actually, there is a chip in every Mac containing a 64 bit code that is needed during the boot process. Easy to get around. Just enough to invoke the DMCA against any Hackintosh user - if Apple wanted to.
  And considering that they haven't exercised anything like that for the ENTIRETY of the 15 years of Intel Macs, anyone so "charged" at this point would have a pretty good legal argument against prosecution.
  It's like if I pay my rent 10 days late every month for 5 years, and my landlord suddenly decides to evict me for paying late, I would have a valid legal argument that they "let it happen". I can't remember the legal term off-hand; but it is a real thing.
34. Re:T2 chip? by TheFakeTimCook · 2018-10-31 03:43 · Score: 1
  
  The Mac is only barely more immune from hacking and malware than Windoze.
  That is demonstrably untrue.
  But in which direction? Are you asserting that the Mac* is no more immune to hackers and malware than a M$ Windows computer, or that it is FAR more? Can you substantiate your claim?
  * By "Mac," I think we must agree because of the role the user plays as a sysadmin, that it's pointless because without qualification the word is functionally meaningless, to talk about a Mac generically. For the purposes of this discussion, I think we should limit the meaning of the word "Mac" to mean an Apple, Inc., built, offered for retail sale computer as part of the Mac line, (i.e., iMacs, Trash-Can Mac Pros, Mac Minis, and all variants of MacBook,) running a cleanly (or factory) installed copy of the latest version of macOS, which at any given time is the current version, that the "rootless" feature, or System Integrity Protection is and has always been enabled, that the "Allow apps downloaded from:" security settings has never been set to anything but "App Store" only, that firewall is enabled, that automatic updates is selected, and that all this was so BEFORE it was ever connected to the internet, and has remained so ever since. Therefore, excluded would be any Mac running any previous version of OS X or macOS, any Mac which has any updates that have ever not been immediately applied, any Mac on which any software NOT from Apple has ever been run, any "vintage" Mac that cannot run (or is not running) the latest stable/production release of the OS, and obviously any "Hackintosh" computers. Any Mac connected to the internet BEFORE all the security settings were selected must be excluded, which kind of means that MOST Macs would be excluded, since you'd have to connect yours TO the internet TO download security updates, meaning if you DID need an update right after you bought it... you'd have HAD to connect it to the internet BEFORE it was fully patched and up-to-date... (oops! that can't be counted,) and also any Mac for which you are not the first owner, as you can't prove what happened to it BEFORE you got it, and also any Mac which you've let any other people use under your login, or whom you have provided with their own login account on your machine, who was then allowed to use it (not completely supervised and observed,) by you. So honestly, there really aren't NEARLY as many Mac computers out there to make this comparison with as you might think or expect.
  Obviously, any Mac running Bootcamp must also be excluded, at least when NOT booted into macOS.
  What if instead of malware, we had MalWear? MalWear is something you can buy at a store (also called MalWear, or something similar,) which stocks war-surplus Independent Browncoats, guns that look like they should go "bang-bang" but instead go "pew-pew" or "zzaouuuu," and of course vaguely futuristic-looking yet simultaneously old-timey western-wear like what Captain Malcolm "Mal" Reynolds wears in the sci-fi/old-west series, "Firefly" (and of course, the film "Serenity"). I wouldn't mind having some of THAT kind of MalWear. I actually toyed with the idea of buying one of the jackets, but... guess I'm not enough of a Browncoat myself, after all. (I was raised on an Alliance world, (Earth that Was,) after all. It kind of spoils you.)
  Actually, I'd be willing to stipulate that Macs are far more impervious to malware than a Windows box, REGARDLESS of the above stipulations (all that would make it too easy, right?), with the notable exception that the User cannot have been tricked by Social Engineering into ignoring all warnings and instead, installed a Trojan.
  I think we can all agree that NO reasonable OS can guard against a User with sufficient permissions and insufficient smarts. And I will stipulate that macOS is, of course, no exception.
  I was talking about the rando "Open this email, get pwned" type of stuff. That STILL happens all too often in the Windows world. I work in that environment every day, and can also read.
35. Re:T2 chip? by TheFakeTimCook · 2018-10-31 03:44 · Score: 1
  
  Not really, these days most of the attacks are on web browsers and the the same ones run on MacOS as on every other system. The only real differences are the level of protection that the OS provides (e.g. sandboxing) and how easy it is to manipulate the UI to confuse the user.
  MacOS doesn't seem to be significantly better in these regards. It's had it's fair share of gaffes too, such as allowing Unicode bidirectional markers in file names.
  ...and yet?
36. Re:T2 chip? by the_B0fh · 2018-10-31 04:27 · Score: 1
  
  You are the one claiming Apple locked up people buying refurbished batteries and he's the crazy one?
  Also, only the home button, if you replace it, it will turn into a home button without fingerprint read ability. Apparently you don't live in this reality?
37. Re:T2 chip? by the_B0fh · 2018-10-31 05:06 · Score: 1
  
  Why do you hate Apple and Macs so much? Did someone used a Mac to touch you inappropriately when you were young?
  Go on. Show us on a stick figure where the bad touch happened.
38. Re: T2 chip? by xgerrit · 2018-10-31 06:45 · Score: 1
  
  The T2 chip does exactly what they say it does *as of today.* If you want to speculate about the future, it makes more sense that since Apple designs so much hardware for iOS devices, the T2 is being developed and used as an integration point to bring blocks from their iOS SoC to Macs. Eventually they'll bring their custom GPU designs over, and the amount of money they save would make the money saved from "lost repair fees" look like a rounding error.
39. Re:T2 chip? by Hallux-F-Sinister · 2018-10-31 12:24 · Score: 1
  
  The Mac is only barely more immune from hacking and malware than Windoze.
  That is demonstrably untrue.
  But in which direction? [...]
  Actually, I'd be willing to stipulate that Macs are far more impervious to malware than a Windows box, REGARDLESS of the above stipulations (all that would make it too easy, right?), with the notable exception that the User cannot have been tricked by Social Engineering into ignoring all warnings and instead, installed a Trojan.
  I think we can all agree that NO reasonable OS can guard against a User with sufficient permissions and insufficient smarts. And I will stipulate that macOS is, of course, no exception.
  I was talking about the rando "Open this email, get pwned" type of stuff. That STILL happens all too often in the Windows world. I work in that environment every day, and can also read.
  Not to be argumentative, and I almost hate to ask it, but do you remember when Apple shipped a production version of macOS where you could gain root by trying to login as root and just provided no password?
  I think the argument could be made that macOS is USUALLY more secure, when someone at Apple has not royally cocked up (as they occasionally do,) and left the keys metaphorically hanging from the lock in the highly secure door.
  Did anyone hear if Apple fired anyone over that debacle? Im curious.
  
  --
  Our reign has gone on long enough. Indeed. Summon the meteors.
40. Re:T2 chip? by Aighearach · 2018-10-31 13:12 · Score: 1
  
  Is the T2 chip really needed to implement a simple hardware disconnect?
  You can't just disconnect the wire, you have to gently reduce the signal or you'll generate a bunch of crackle and pop.
  Plus, you'd at least need a transistor. So, an IC. But with just that, you'd also need a capacitor and resistor to prevent the crackle/pop.
  They can make their own IC for about the same price that they'd pay for a discrete transistor, and they'd both be the same tiny package. But their own IC would have its own capacitors and resistors built in; it would cost less and use less space!
  If it was DIY or a small business, you'd be right; no special chip is "needed." Or, in a DIY setting you might still have extra CPU pins for GPIO, and you can just turn it off with that.
  Another advantage would be that you could connect it to a bus, and control it from software without using extra pins on another chip. I have no idea how robust that brand is when it comes to dealing with broken lid sensors, but on my Thinkpad I can stop it from responding to lid close events if I wanted to. So I'd absolutely insist that something like that be known to the OS as a peripheral.
41. Re: T2 chip? by Aighearach · 2018-10-31 13:13 · Score: 1
  
  Don't worry, they're iterating as fast as they can.
42. Re: T2 chip? by Aighearach · 2018-10-31 13:21 · Score: 1
  
  It is a real thing in general contract law, but that isn't going to touch something with specific legislation like DMCA.
  More likely, the argument is simply wrong on its claims due to being overly-broad when the statute is actually much narrower. Just because a code is needed doesn't actually make it an access control; many of the ICs in a circuit have to be sent a code during startup, so that the chip can make sure you were trying to start it up before it starts up. And to give you time to get everything ready before telling it to start. Being required at boot doesn't automatically make those things into access controls.
43. Re:T2 chip? by Aighearach · 2018-10-31 13:24 · Score: 1
  
  Once you figure out what "entire computer" means, you'll realize that you're not being sarcastic or insightful, and that it is most certainly "an entire separate computer" but also there are already probably 50 "entire separate computers" on their motherboard.
  Even what appears to be an analog op-amp is actually an "entire (digital) computer."
44. Re:T2 chip? by Aighearach · 2018-10-31 13:27 · Score: 1
  
  I don't know about the coward, but I know when I tried to touch an Apple ][e in an inappropriate way it hurt for a whole week.
  Right there, on the doll. That's where it hurt.
45. Re:T2 chip? by TheFakeTimCook · 2018-11-01 03:56 · Score: 1
  
  The Mac is only barely more immune from hacking and malware than Windoze.
  That is demonstrably untrue.
  But in which direction? [...]
  Actually, I'd be willing to stipulate that Macs are far more impervious to malware than a Windows box, REGARDLESS of the above stipulations (all that would make it too easy, right?), with the notable exception that the User cannot have been tricked by Social Engineering into ignoring all warnings and instead, installed a Trojan.
  I think we can all agree that NO reasonable OS can guard against a User with sufficient permissions and insufficient smarts. And I will stipulate that macOS is, of course, no exception.
  I was talking about the rando "Open this email, get pwned" type of stuff. That STILL happens all too often in the Windows world. I work in that environment every day, and can also read.
  Not to be argumentative, and I almost hate to ask it, but do you remember when Apple shipped a production version of macOS where you could gain root by trying to login as root and just provided no password?
  I think the argument could be made that macOS is USUALLY more secure, when someone at Apple has not royally cocked up (as they occasionally do,) and left the keys metaphorically hanging from the lock in the highly secure door.
  Did anyone hear if Apple fired anyone over that debacle? Im curious.
  According to the Google Machine, it was about a year ago, on macOS High Sierra. The bug existed for all of about 24 hours after it was uncovered before being Patched. Obviously, an error in QA; but no sign that it was ever exploited (Thank $Deity)...
  https://arstechnica.com/inform...
  And as the article pointed out, it wasn't just that you could login with any random username and just skip the password, there was a particular "procedure" (that, BTW, didn't ALWAYS work!), to trigger the bug. That is also a good possibility why it slipped past testing.
  Honestly don't know it anyone got the axe over that; Apple (and likely anyone else in that situation) wouldn't typically say, unless it was something that needed a showing of "a severed head to hold up". But I would imagine that, if not fired outright, that person got called on the carpet pretty severely (as one would hope!), although the fact that it didn't ALWAYS happen may have been a mitigating factor in any punishment that was, or was not, meted-out.
  And the fact that it was newsworthy just shows how rare a serious gaffe like that really is.
46. Re: T2 chip? by TheFakeTimCook · 2018-11-01 04:07 · Score: 1
  
  It is a real thing in general contract law, but that isn't going to touch something with specific legislation like DMCA.
  More likely, the argument is simply wrong on its claims due to being overly-broad when the statute is actually much narrower. Just because a code is needed doesn't actually make it an access control; many of the ICs in a circuit have to be sent a code during startup, so that the chip can make sure you were trying to start it up before it starts up. And to give you time to get everything ready before telling it to start. Being required at boot doesn't automatically make those things into access controls.
  All VERY good points! Thanks for the info!!!
  The sad thing is, something like the T2 chip, to ensure a "clean boot", is something that can be used for good, or evil. The "good" uses are the VERY nice thing that RootKits are effectively neutered; since a machine so-compromised will likely not pass the Boot Test. Same thing with many classes of viruses, I think.
  But of course, that same capability can be used to effectively lock software to hardware, or to prevent the installation and dual-booting from alternative OSes, such as Linux. But it is very hard for me to believe that the same company that has a built-in Bootloader that the User can Invoke with a Startup Key-Combo (Hold the Alt/Option Key on Startup, until the Boot-Menu appears), a Bootloader that is also there to support BootCamp, as well as things like Booting from a USB Drive, is going to suddenly restrict the "on purpose" installation and booting of an alternative OS.
Errr Title? by thegarbz · 2018-10-30 10:09 · Score: 3, Insightful

Title: Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone
Summary: "This disconnect is implemented in hardware alone, and therefore prevents [snip] even the software on the T2 chip, from engaging the microphone when the lid is closed,"
So...
1. Re: Errr Title? by GrahamJ · 2018-10-30 10:59 · Score: 1
  
  So what? Itâ(TM)s implemented in the chip but not software controllable. Seems pretty straightforward.
2. Re: Errr Title? by TheFakeTimCook · 2018-10-30 16:10 · Score: 1
  
  So what? Itâ(TM)s implemented in the chip but not software controllable. Seems pretty straightforward.
  Exactly.
  And since laptops like the new MacBook Air have MULTIPLE microphones for better phone-call and "Hey, Siri" operation, it is easier to implement a hardware-switch electronically than mechanically. And since Apple was building this chip anyway, why not stick a 3 channel Analog Switch with a single Enable line in the same chip?
3. Re:Errr Title? by AmiMoJo · 2018-10-30 23:00 · Score: 1
  
  It's not even new, this kind of thing has been on laptops for decades. I remember similar stuff back in the 90s, where a physical switch would be actuated by closing the lid and disable stuff like the screen backlight and the microphone. Back then Windows' power management was a joke so manufacturers used hardware switches.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
4. Re: Errr Title? by thegarbz · 2018-10-30 23:13 · Score: 1
  
  Well I guess in this brave new world we need to throw silicon at things that could be easily achieved via a dumb switch.
5. Re: Errr Title? by Aighearach · 2018-10-31 13:33 · Score: 1
  
  It isn't as easy as you think; unplug a microphone without turning the gain down. Hear anything?! If you didn't hear a bunch of noise, it means whatever you were unplugging it from didn't use a dumb switch, it either used some silicon or some external passive components to prevent the pop. Anything like a laptop where space is at a premium and it is being manufactured in large quantities, then throwing silicon at the problem is cheaper than the passives. Better results, too.
6. Re: Errr Title? by thegarbz · 2018-10-31 21:02 · Score: 1
  
  It isn't as easy as you think; unplug a microphone without turning the gain down.
  So ... use a switch with two contacts, one to alert the audio chip that the mic is unplugged.
  Yes actually it is precisely as easy as I think. I design exactly these kinds of audio circuits, in the past for a living, now for a hobby.
  
  then throwing silicon at the problem is cheaper than the passives
  The thing with passives is you already have them, unless you're not using "hardware" to detect conditions as the summary would imply.
Re:T2 Everywhere == End of Hackintoshes by b0s0z0ku · 2018-10-30 10:15 · Score: 1

Newer OS X (I mean MacOS) versions are increasingly dumbed down and crippled. Who needs this junk?
T2 by Anonymous Coward · 2018-10-30 10:17 · Score: 1

Judgement Day
It's a more advanced version of the T1, sent back from the future to kill the leader of the resistance.
Re:T2 Everywhere == End of Hackintoshes by unique_parrot · 2018-10-30 10:23 · Score: 1

The first one at ebay/alibaba/etc selling a pci-t2-compatible card will be rich. as of REALLY rich... nothing to be seen :D
Hello we invented a $500 lid switch! BUY BUY BUY! by Narcocide · 2018-10-30 10:26 · Score: 2

No, it doesn't work on the camera.
A switch? by hawguy · 2018-10-30 10:27 · Score: 2

Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.
1. Re: A switch? by GrahamJ · 2018-10-30 11:02 · Score: 1
  
  So which laptop that you designed has this simple feature?
  Oh thatâ(TM)s right, you didnâ(TM)t think of it. Just like everyone else.
2. Re: A switch? by Cmdln+Daco · 2018-10-30 11:38 · Score: 1
  
  What is this 'jack' thing you refer to? Is it something Apple hasn't invented yet?
3. Re: A switch? by hawguy · 2018-10-30 11:51 · Score: 1
  
  So which laptop that you designed has this simple feature?
  Oh thatâ(TM)s right, you didnâ(TM)t think of it. Just like everyone else.
  I know you assume that since I'm posting on Slashdot that I'm an expert in the field, but I not actually a laptop design engineer.
  I tried to find the forum post where I suggested exactly this feature a couple years ago, but I don't remember where it was. A hardware switch to physically disable the camera and microphone sounds like such a no-brainer than I didn't think anyone would think it was innovative or hard to imagine.
4. Re: A switch? by GrahamJ · 2018-10-30 13:16 · Score: 1
  
  It isnâ(TM)t, and yet no laptops have it. The story here isnâ(TM)t that lid switches are innovative, itâ(TM)s that finally a company understands that privacy is a feature.
5. Re:A switch? by Uberbah · 2018-10-30 15:27 · Score: 2
  
  Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.
  Right. Just like it wasn't innovative to have a power cord that attaches magnetically, and easily separates from the laptop when your pet/child/own clumsy ass trips over the cord without sending the computer to the floor, because rice cookers had them over a decade ago. So very obvious that it wasn't innovative - yet only one company thought to try it.
6. Re:A switch? by hawguy · 2018-10-30 15:32 · Score: 1
  
  Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.
  Right. Just like it wasn't innovative to have a power cord that attaches magnetically, and easily separates from the laptop when your pet/child/own clumsy ass trips over the cord without sending the computer to the floor, because rice cookers had them over a decade ago. So very obvious that it wasn't innovative - yet only one company thought to try it.
  If that's such a great laptop innovation, then why isn't Apple using them anymore?
7. Re: A switch? by aybiss · 2018-10-30 16:06 · Score: 1
  
  No, the story here is that a company has created special hardware to behave like a switch. Special hardware which is so ridiculously complex for the job at hand, that it's almost guaranteed to be exploitable.
  
  --
  It's OK Bender, there's no such thing as 2.
8. Re:A switch? by Uberbah · 2018-10-30 18:06 · Score: 1
  
  That Apple has developed an unhealthy Air fetish (minimizing laptop dimensions to the detriment of usability) in no way diminishes the advantages of a magnetically-attaching power cord. The company has more money than God, there's no reason why they can't have a minimalist Air line and a proper Pro line at the same time.
9. Re:A switch? by AmiMoJo · 2018-10-30 23:15 · Score: 1
  
  So very obvious that it wasn't innovative - yet only one company thought to try it.
  It's not that it was a great innovation, it's that only Apple thought people would pay for it. The magsafe connector was expensive, made of 14 separate parts and that's just the charger side. It also required the computer and charger to carefully manage the power delivery to avoid shorts, further adding to cost.
  Apple laptops are expensive devices with high profit margins, so Apple could afford to spend the money on such a connector.
  You will note that the magsafe connectors on cooking equipment were almost exclusive to Japan. For reasons I won't get in to the Japanese are uniquely willing to pay a lot more for such features so it's often used as a test market for new ideas, and many of those features never make it to the west because the manufacturer doesn't think they will sell.
  It's a myth that Apple's patent prevented other manufacturers from doing their own magsafe connectors. The patent just covers some easily worked-around stuff like the arrangement of the magnets and symmetrical contacts. They just didn't because it's not something they thought would sell.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
10. Re: A switch? by Aighearach · 2018-10-31 13:34 · Score: 1
  
  Oh thatâ(TM)s right, you didnâ(TM)t think of it.
  Thanks Jar-Jar. What do they call switches on your planet?
11. Re:A switch? by Aighearach · 2018-10-31 14:07 · Score: 1
  
  Apple laptops are expensive devices with high profit margins, so Apple could afford to spend the money on such a connector.
  You don't seem to have really internalized what having a high profit margin means.
  You're saying, "Gosh, they could just have a low profit margin on their device instead." While true, it isn't a useful point.
  As a consumer I certainly don't want to buy a device with a high profit margin! I certainly wouldn't go around expecting such devices to have quality parts. That would be insane.
12. Re:A switch? by Agripa · 2018-11-01 21:00 · Score: 1
  
  Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.
  This switch implementation by Apple is innovative because it may be secretly bypassed in software for lawful surveillance purposes.
You have to learn something from OS/2.... by martiniturbide · 2018-10-30 10:37 · Score: 1

...we don't even have drivers for that, so we don't have that issue :)
so in the new mac pro storage capped at pci-e x4 by Joe_Dragon · 2018-10-30 11:17 · Score: 1

so in the new mac pro storage capped at pci-e x4 stacked off of the t2 chip??
so even if it has 4 pci-e disk at X4 each they will all be locked to the T2 at pci-e X4?
My old iSight had a "hardware disconnect" by 93+Escort+Wagon · 2018-10-30 11:28 · Score: 1

When you rotated the barrel of the camera, physical blades would block the lens completely.
Nowadays you have to use a piece of tape to accomplish that simple task. Why not just have a little physical slider, built into the laptop, which would obscure the lens?

--
#DeleteChrome
Or so you think by SuperKendall · 2018-10-30 11:36 · Score: 1

I have a better idea. My laptop doesn't have a microphone.
Does it have speakers?
Then it has a microphone.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:Or so you think by Cmdln+Daco · 2018-10-30 11:41 · Score: 1
  
  Not without an amplifying element to pick up the signal the speaker's voice coil generates.
2. Re:Or so you think by SuperKendall · 2018-10-30 16:42 · Score: 1
  
  Not without an amplifying element to pick up the signal the speaker's voice coil generates.
  So you have personally inspected the electronics around your speakers and are sure no such amplification exists?
  Seems like a laptop that explicitly left off microphones is exactly the kind of device you would hide speaker amplification in.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
3. Re: Or so you think by Cmdln+Daco · 2018-10-30 23:10 · Score: 1
  
  Bets are all off, then. There have gotta be six extra mics buried in there. In fact, this mystery laptop you describe probably has a robotic arm hidden in it to implant the anal probe after you fall asleep.
Re:Penis switch by aybiss · 2018-10-30 16:07 · Score: 1

You better encrypt that shit first or you're likely to get a virus.

--
It's OK Bender, there's no such thing as 2.
Re:Hello we invented a $500 lid switch! BUY BUY BU by Anubis+IV · 2018-10-30 18:19 · Score: 1

To be fair, they said it doesn't work on the camera because the camera's view isn't exactly problematic when the lid is closed. ;)
Camera not disconnected, but ... by SemperOSS · 2018-10-30 20:34 · Score: 1

"[...] The camera isn't disconnected, however, because its "field of view is completely obstructed with the lid closed."
That's a perfect idea ... until someone comes up with a way to record audio through fluctuations in the camera's output due to the shifting patterns of air pressure.

--
I don't need a signature to draw attention to myself.
Will it thought by johnsie · 2018-10-30 21:34 · Score: 1

These phones are mostly built in red China.
Apple New Update by NeilBhisma · 2018-11-01 19:02 · Score: 1

The information that you provided above is so relevant to know about Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Microphone. Thanks for sharing. Still anyone wants to know more about Apple Mac then i suggest you to read https://www.mactechnicalsuppor... blog, to gathered more information.
anti self repair by sad_ · 2018-11-03 05:10 · Score: 1

remember, the T2 chip is also used to disable the computer when it detects non-apple replacement parts.
this is just a stupid story to take your attention away from that fact and have you think that having the T2 chip in your computer is a good thing.

--
On a long enough timeline, the survival rate for everyone drops to zero.