Apple’s T2 security chip is one of the main features of MacBooks. Sadly, it appears that this dedicated chip, which was designed to protect passwords and encrypt the device, can now be cracked.
The Apple T2 chip allows Mac owners to encrypt and decrypt the data on their SSD. That encryption is backed by a software feature that limits the number of password attempts to prevent brute-force attacks.
A Mac’s password isn’t stored on the SSD, which means that attackers would have to brute-force the decryption key, a process that could take millions of years.
However, a company named Passware claims that it can now get around this security feature.
Passware offers tools that can crack the passwords on Macs that don’t have a T2 chip. Earlier this month, though, the company quietly released an add-on that it says can take on the T2 chip as well.
The add-on reportedly takes advantage of a new vulnerability in the T2 chip that works around the password attempt limit. This means that a brute-force attack now has the potential to decrypt a Mac’s data without waiting millions of years.
That said, Passware’s attack is slow: its cracking tool can only guess 15 passwords per second. If your password is long, it can still take thousands of years to unlock. Shorter passwords, like six-character ones, will only take about 10 hours.
If it’s any consolation, Passware’s cracking tools are only available to government agencies, or to companies and other entities that can provide the right justification for owning one. Plus, the T2-cracking tool has a whopping price of USD1,990 (around Php100,000).
Bear in mind that the vulnerability only affects T2 Macs, which include some 2018 to 2020 models. The M1 models, like the new 24-inch iMac, the 14-inch and 16-inch MacBook Pros, and more, are safe, at least for now.
As a precaution, it’s best to choose a strong password to begin with. How? For starters, you should stop using the 200 most common passwords. Experts also recommend using three random words as your password.
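To compare password choices against the 15 guesses per second quoted above, here is an added example (not from Passware or Apple) that estimates exhaustive-search time and finds the minimum length needed to reach a target. It assumes the secret is chosen uniformly at random; the policies listed and the 7776-word list size for the three-random-words case are assumptions made for illustration.

```python
import math

GUESSES_PER_SECOND = 15          # rate the article quotes for the T2 add-on
YEAR = 365.25 * 86400            # seconds per year

# Constructed sample policies: (label, choices per position, positions).
POLICIES = [
    ("6 digits", 10, 6),
    ("6 lowercase letters", 26, 6),
    ("6 printable ASCII characters", 94, 6),
    ("10 lowercase letters", 26, 10),
    ("3 random words (assumed 7776-word list)", 7776, 3),
]

def keyspace(choices, positions):
    """Number of candidates an exhaustive search must cover."""
    return choices ** positions

def seconds_to_search(space, rate=GUESSES_PER_SECOND, fraction=0.5):
    """Time to try `fraction` of the space; 0.5 is the expected case."""
    return space * fraction / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.0f} seconds"

def min_length(choices, target_seconds, rate=GUESSES_PER_SECOND):
    """Shortest length whose expected search time reaches the target."""
    length = 1
    while seconds_to_search(keyspace(choices, length), rate) < target_seconds:
        length += 1
    return length

def report(policies=POLICIES):
    """Rows of (label, entropy bits, expected time, worst-case time)."""
    rows = []
    for label, choices, positions in policies:
        space = keyspace(choices, positions)
        rows.append((label, round(math.log2(space), 1),
                     humanize(seconds_to_search(space)),
                     humanize(seconds_to_search(space, fraction=1.0))))
    return rows

if __name__ == "__main__":
    for label, bits, expected, worst in report():
        print(f"{label:42} {bits:5} bits  avg {expected:>18}  max {worst:>18}")
    print("lowercase length for 1000 years:", min_length(26, 1000 * YEAR))
```

The estimate covers exhaustive search only; a password that appears on a common-password list falls far sooner than its length suggests.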