
Vulnerability on non-T2 Macs could expose encrypted data

We all know that no computer is perfectly safe. But from time to time flaws come up that expose our machines in ways we never thought possible, and this is one of those cases.

As reported by TechCrunch, researchers from F-Secure have recently detected a vulnerability that affects basically all modern computers, including Macs without the T2 chip (more on this exception later). In short, the flaw exposes the machines to data theft by slightly more dedicated crackers even if the computers have their storage disks fully encrypted, because of a flaw in the firmware, which fails to protect files during a basic moment of computer operation.

The root of the problem lies in what happens when Macs or PCs shut down, sleep, or enter any mode that requires you to enter your password to resume. At that moment, some recently used data is held in the machine's RAM and is therefore not protected by the encryption of the storage disks. Systems then overwrite this data with “noise” to prevent potential attackers from accessing this small amount of potentially sensitive information (this type of attack, which has been around for decades, is known as cold boot).

The vulnerability discovered by F-Secure is precisely in the part of the firmware that prevents cold boot attacks, and involves a way to stop the data stored in RAM from being scrambled or made inaccessible. This allows attackers to access recently used data or files and then get past the other security processes that protect the machine's encrypted data, accessing everything your memory holds: files, passwords, browsing history and whatever else you most want to protect.

The attack is only possible if the intruders have physical access to the machine, which in itself makes it much rarer in the real world for “ordinary” people like you and me, but it can be of concern to more prominent figures, such as journalists who cover sensitive issues, politicians, activists or other public people more often targeted by antagonistic groups.

To reiterate, Macs with the T2 chip are totally immune to the attack, as the separate piece of encryption hardware is in charge of protecting the data on the machine as a whole, not just the HDD / SSD. As a reminder, the Apple computers equipped with the chip are the iMac Pro and the latest MacBook Pro updates, released this year.

Older (or cheaper) Apple computers that don't have the chip, however, are vulnerable even with FileVault enabled.

Before the vulnerability was disclosed, F-Secure contacted some manufacturers, such as Apple, Microsoft and Intel, to report the issue. While it is more or less impossible to counteract the threat on existing computers, Apple said that it is working on possible strategies to minimize the possibility of such an occurrence and recommended that all users set a password on their Macs.

Another reasonably effective measure would be to completely shut down your computer instead of putting it to sleep if you are going to be away from it for a few minutes (and if you are afraid that an international hacker will seize it to extract data, of course). This makes the process of breaking into the machine significantly slower and, in some cases, impossible, since some computers completely erase data from RAM when they are turned off.
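To check whether a Mac's sleep behaviour leaves memory powered, the following added example (not part of the original article) classifies the output of `pmset -g`. The article does not mention the `hibernatemode` and `destroyfvkeyonstandby` settings it reads; they are macOS power settings documented in the pmset manual, and the function names, result labels and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Mac's sleep configuration from `pmset -g` text.
# Assumption: each setting is printed as "<name> <value>"; names are
# matched case-insensitively because their capitalisation may vary.

# Print the value of setting $2 found in the pmset text $1 (empty if absent).
pmset_value() {
    printf '%s\n' "$1" | awk -v key="$2" 'tolower($1) == key { print $2; exit }'
}

# Classify what a sleeping machine keeps available to someone holding it:
#   unknown        no hibernatemode line in the input
#   ram-powered    sleep keeps RAM powered, contents stay live
#   key-retained   RAM is powered off, FileVault key kept for wake
#   key-destroyed  RAM is powered off and the FileVault key is discarded
# This is a simplified reading of the two settings, not a full audit.
sleep_exposure() {
    mode=$(pmset_value "$1" hibernatemode)
    destroy=$(pmset_value "$1" destroyfvkeyonstandby)
    if [ -z "$mode" ]; then
        echo "unknown"
    elif [ "$mode" != "25" ]; then
        echo "ram-powered"
    elif [ "$destroy" = "1" ]; then
        echo "key-destroyed"
    else
        echo "key-retained"
    fi
}

# Constructed sample text in the shape of `pmset -g` output.
SAMPLE_SLEEP='System-wide power settings:
Currently in use:
 standby              1
 hibernatemode        3
 displaysleep         10'

SAMPLE_HARDENED='Currently in use:
 hibernatemode        25
 DestroyFVKeyOnStandby 1'

# On a Mac, classify the live configuration; on other systems do nothing.
if command -v pmset >/dev/null 2>&1; then
    sleep_exposure "$(pmset -g)"
fi
```

A result of `ram-powered` means the machine should be shut down, as the article recommends, rather than left asleep when unattended.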

Anyway, let's always stay alert!