Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone (techcrunch.com)

Posted by BeauHD on from the safety-first dept.

An anonymous reader quotes a report from TechCrunch: Buried in Apple's latest range of MacBooks -- including the MacBook Pro out earlier this year and the just-announced MacBook Air -- is the new T2 security chip, which helps protect the device's encryption keys, storage, fingerprint data and secure boot features. Little was known about the chip until today. According to its newest published security guide, the chip comes with a hardware microphone disconnect feature that physically cuts the device's microphone from the rest of the hardware whenever the lid is closed. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed," said the support guide. The camera isn't disconnected, however, because its "field of view is completely obstructed with the lid closed." Apple said the new feature adds a "never before seen" level of security for its Macs, without being quite so blunt as to say: Macs get malware too.

13 of 145 comments (clear)

  1. T2 chip? by b0s0z0ku · · Score: 2

    Is the T2 chip really needed to implement a simple hardware disconnect? Also, is this terribly useful anyway, because hackers can still eavesdrop with the lid open? (99% of the time, the computer will be asleep or off with the lid closed anyway.)

    1. Re:T2 chip? by b0s0z0ku · · Score: 2

      No. We don't need a lockdown chip aka modern version of the Clipper Chip polluting our hardware.

    2. Re:T2 chip? by Rick+Schumann · · Score: 3, Insightful

      Is the T2 chip really needed to implement a simple hardware disconnect?

      No, but since it must be a totally proprietary ASIC, they threw in an analog switch, tied it's enable line to the state of the lid switch, and routed the microphone signal through the analog switch, then provide a 'MIC_OUT' pin to go to whatever handles audio.

    3. Re:T2 chip? by Anonymous Coward · · Score: 2, Interesting

      It 100% is that. Some future version of macOS will drop support for all Macs without these chips. Why else put one in the Mac mini? What purpose does that serve? Once they do that: no more Hackintoshes as you can guarantee that the kernel will be encrypted using a key that only these "security" chips can decrypt, and the decrypted kernel image will be locked away from all user code.

    4. Re:T2 chip? by jcr · · Score: 3, Informative

      No, its primary purpose is to store your fingerprint and encryption key data securely. Google "Apple Secure Enclave" and read all about it.

      -jcr

      --
      The only title of honor that a tyrant can grant is "Enemy of the State."
    5. Re:T2 chip? by postbigbang · · Score: 2

      This may well be the intention. The day of the hackintosh seems almost over anyway. There is sufficient bloat in macOS that it rivals Windows 10, although without so many phone-homes and in-your-face ads.

      The Mac is only barely more immune from hacking and malware than Windoze. Even Linux and ?BSDs are having their own problems. I'm not sure the hacks needed to do a Mac clone are worth the trouble. There are a few features that I personally like in High Sierra+, but it's not worth the trouble. My need for encryption is less than most people's. Encrypting a 'home' directory seems a waste of time, given the possible trouble.

      --
      ---- Teach Peace. It's Cheaper Than War.
    6. Re:T2 chip? by TheFakeTimCook · · Score: 2

      Is the T2 chip really needed to implement a simple hardware disconnect? Also, is this terribly useful anyway, because hackers can still eavesdrop with the lid open? (99% of the time, the computer will be asleep or off with the lid closed anyway.)

      No.

      The T2 chip does a BUNCH of stuff. This was something that took two dedicated pins/pads and a single transistor in the chip.

      Why not?

    7. Re:T2 chip? by TheFakeTimCook · · Score: 2

      It 100% is that. Some future version of macOS will drop support for all Macs without these chips. Why else put one in the Mac mini? What purpose does that serve? Once they do that: no more Hackintoshes as you can guarantee that the kernel will be encrypted using a key that only these "security" chips can decrypt, and the decrypted kernel image will be locked away from all user code.

      It does audio processing, transparent SSD encryption, and bunch of other system stuff that applies to both desktop and mobile Macs. In fact, the first Mac with a T2 chip was the 2017 iMac Pro.

      And if you knew any history, you'd know that Apple had the PERFECT opportunity to put a Hardware Lock on OS X/macOS. The first Intel Macs, which were LOANED to Developers for about a year, while Apple cranked out the first Production Macs, were nothing more than a modified G5 Tower case with an Intel Motherboard inside.

      What's important about that? That mobo had a TPC chip, which Apple EASILY could have written a quick driver-for.

      But they never did, and except for I believe the first "real" Intel Mac, the TPC was dropped from the circuitry.

      IMHO, Apple sees the Hackintosh community as an interesting way to gauge how many people are willing to put up with the hassle of getting drivers to work, worrying about Upgrades breaking things, etc., just to have what Apple is not currently providing. The entire Hackintosh community is little more than a rounding-error when it comes to "lost sales".

      But I also believe that if that percentage started to grow, at some point, Apple would make a decision whether to integrate common Hackintosh features into a Product, continue to "wait-and-see", or risk the ill-will of getting dickish with hardware-lock-in for the OS.

      But it has been almost 20 years of OS X, and 15 years of Intel Macs, and it hasn't happened yet. So I wouldn't worry.

    8. Re:T2 chip? by TheFakeTimCook · · Score: 2

      The Mac is only barely more immune from hacking and malware than Windoze.

      That is demonstrably untrue.

  2. Errr Title? by thegarbz · · Score: 3, Insightful

    Title: Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone
    Summary: "This disconnect is implemented in hardware alone, and therefore prevents [snip] even the software on the T2 chip, from engaging the microphone when the lid is closed,"

    So...

  3. Hello we invented a $500 lid switch! BUY BUY BUY! by Narcocide · · Score: 2

    No, it doesn't work on the camera.

  4. A switch? by hawguy · · Score: 2

    Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.

    1. Re:A switch? by Uberbah · · Score: 2

      Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.

      Right. Just like it wasn't innovative to have a power cord that attaches magnetically, and easily separates from the laptop when your pet/child/own clumsy ass trips over the cord without sending the computer to the floor, because rice cookers had them over a decade ago. So very obvious that it wasn't innovative - yet only one company thought to try it.