All Macs without T2 chip vulnerable to recently discovered cold boot attack

A new exploit discovered by F-Secure is said to put “almost all” Mac and Windows laptops and desktops at risk for data theft. The vulnerability even leaves Macs with FileVault turned on susceptible.

As reported by TechCrunch, the firmware exploit has to do with how almost all Mac and Windows machines overwrite data when they are turned off. This exploit is based on a cold boot attack, in which an attacker steals data from a computer that has been powered off.

F-Secure’s Olle Segerdahl and Pasi Saarinen discovered the firmware vulnerability, which makes it possible to turn off data overwriting. Notably, a malicious party would need to have physical possession of a computer to leverage this flaw.

“It takes some extra steps,” said Segerdahl, but the flaw is “easy to exploit.” So much so, he said, that it would “very much surprise” him if this technique isn’t already known by some hacker groups.

Segerdahl also discovered that in almost all instances it was possible to steal data even if the Mac had the FileVault encryption feature turned on.

After the researchers figured out how the memory overwriting process works, they said it took just a few hours to build a proof-of-concept tool that prevented the firmware from clearing secrets from memory. From there, the researchers scanned for disk encryption keys, which, when obtained, could be used to mount the protected volume.

The researchers previously shared their discovery with Apple, Microsoft and Intel. Macs with the new T2 chip, which include the iMac Pro and the 2018 MacBook Pros, are immune to the flaw.

“Apple said it was looking into measures to protect Macs that don’t come with the T2 chip.” Meanwhile, Intel didn’t respond to TechCrunch on the matter.



Author

Michael Potuck

Michael is an editor for 9to5Mac. Since joining in 2016 he has written more than 3,000 articles including breaking news, reviews, and detailed comparisons and tutorials.

