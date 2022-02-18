Tech GiantsApple

MacBook with T2 chip: Password security breached, but the risk is low

Well before moving on to its new proprietary architecture, Apple had begun to introduce the ARM chips on his Macs for the management of certain aspects, such as the security of biometric data and passwords saved locally. The chips in question are those of the T series, namely the T1 and the T2the latter introduced on MacBooks starting in 2018.

Today it is T2 that returns to the center of media attention, as the security company Passware announced that he has developed the first software solution for password recovery even on a Mac equipped with such a chip, thus confirming the existence of a flaw that can be used for this purpose.

According to what emerged, the system used by Passware continues to be based on attacks brute force, therefore it is basically a system that systematically tests every possible combination until it finds the correct one. The only aspect innovative of Passware’s solution is about the fact that the tool integrates a module capable of bypassing the T2 attempt limiterthus making it possible to use a brute force system that would otherwise be blocked much sooner.

THE RISK TO THE USER IS NEARLY NULL

In any case, it seems that Passware’s solution isn’t exactly the fastest, since the add-in severely slows down the number of attempts that can be made per second. If on older Macs it is possible to reach the speed of about 10,000 tests per second, on Macs with T2 this figure drops to 15 per second. It is estimated that it is possible to recover a very simple 6-word password in about 10 hours, this – of course – by having physical access to the computer.

The Passware tool is not available to everyone, but will only be made available to government agencies or private companies that can demonstrate that they have valid reasons for using it. The vulnerability in question will not be publicly disclosed e all Macs using an M1 or higher chip are already immune to it. Considering the slow recovery and the fact that physical access to the PC is required, the vulnerability is very unlikely to pose a danger to the common user.

