Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
General Discussions
Security Awareness
Apple’s T2 security chip has an unfixable flaw
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Cr00zng" data-source="post: 1864549" data-attributes="member: 318059"><p>The T2 chip cannot be exploited remotely by the Checkra1n. In all fairness, is there any device in which physical access to it does not create a vulnerability?</p><p></p><p>Yes, the purpose of the T2 chip is to protect against physical access based vulnerabilities and it fails do that to a certain point. But even the Wired article admits, quote:</p><p></p><p></p><p>In another word, this vulnerability alone does not allow access to the encrypted data. It could allow installation of malware for capturing password and/or encryption keys for accessing the data. Good luck with brute-forcing 256-bit AES encryption keys.</p><p></p><p>There are easier methods, especially for state actors, to access encrypted data, from <a href="https://xkcd.com/538/" target="_blank">xkcd.com</a>:</p><p></p><p>[ATTACH=full]32626[/ATTACH]</p></blockquote><p></p>
[QUOTE="Cr00zng, post: 1864549, member: 318059"] The T2 chip cannot be exploited remotely by the Checkra1n. In all fairness, is there any device in which physical access to it does not create a vulnerability? Yes, the purpose of the T2 chip is to protect against physical access based vulnerabilities and it fails do that to a certain point. But even the Wired article admits, quote: In another word, this vulnerability alone does not allow access to the encrypted data. It could allow installation of malware for capturing password and/or encryption keys for accessing the data. Good luck with brute-forcing 256-bit AES encryption keys. There are easier methods, especially for state actors, to access encrypted data, from [URL='https://xkcd.com/538/']xkcd.com[/URL]: [ATTACH type="full"]32626[/ATTACH] [/QUOTE]
Verification
Name this item 🌈
Post reply
Forums
General Discussions
Security Awareness
Apple’s T2 security chip has an unfixable flaw
Top
