Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Desktops (Apple) Portables (Apple) Privacy Apple Hardware

Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone (techcrunch.com) 145

An anonymous reader quotes a report from TechCrunch: Buried in Apple's latest range of MacBooks -- including the MacBook Pro out earlier this year and the just-announced MacBook Air -- is the new T2 security chip, which helps protect the device's encryption keys, storage, fingerprint data and secure boot features. Little was known about the chip until today. According to its newest published security guide, the chip comes with a hardware microphone disconnect feature that physically cuts the device's microphone from the rest of the hardware whenever the lid is closed. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed," said the support guide. The camera isn't disconnected, however, because its "field of view is completely obstructed with the lid closed." Apple said the new feature adds a "never before seen" level of security for its Macs, without being quite so blunt as to say: Macs get malware too.
This discussion has been archived. No new comments can be posted.

Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone

Comments Filter:
  • by b0s0z0ku ( 752509 ) on Tuesday October 30, 2018 @05:06PM (#57564641)
    Is the T2 chip really needed to implement a simple hardware disconnect? Also, is this terribly useful anyway, because hackers can still eavesdrop with the lid open? (99% of the time, the computer will be asleep or off with the lid closed anyway.)
    • by msauve ( 701917 )
      Yep. No need for some special "T2" chip - all (?) laptops have a lid switch, and stopping an analog signal based on it being closed isn't high tech.

      Next week, we'll hear of some security flaw which allows evildoers to listen in based on fluctuations in SSD access times, or some such.
    • Re:T2 chip? (Score:4, Insightful)

      by Rick Schumann ( 4662797 ) on Tuesday October 30, 2018 @05:27PM (#57564779) Journal

      Is the T2 chip really needed to implement a simple hardware disconnect?

      No, but since it must be a totally proprietary ASIC, they threw in an analog switch, tied it's enable line to the state of the lid switch, and routed the microphone signal through the analog switch, then provide a 'MIC_OUT' pin to go to whatever handles audio.

      • Given the additional functionality this thing provides (as you said, the mic disable thing is pretty easy), I would be surprised if it's pure ASIC, though some of the ASICs available now are pretty complex. I was thinking it was some kind of minimalist CPU with embedded RAM, etc. It would be interesting to know the provider...
        • Given the additional functionality this thing provides (as you said, the mic disable thing is pretty easy), I would be surprised if it's pure ASIC, though some of the ASICs available now are pretty complex. I was thinking it was some kind of minimalist CPU with embedded RAM, etc. It would be interesting to know the provider...

          That's easy: Apple.

          They have been designing custom silicon since the Apple ][ days. Seriously.

      • Is the T2 chip really needed to implement a simple hardware disconnect?

        No, but since it must be a totally proprietary ASIC, they threw in an analog switch, tied it's enable line to the state of the lid switch, and routed the microphone signal through the analog switch, then provide a 'MIC_OUT' pin to go to whatever handles audio.

        Exactly. Took 5 minutes of engineering time, max.

      • They should have dedicated an entire separate computer to the task of switching off audio. Clearly they still haven't made it complicated enough yet.

        • Once you figure out what "entire computer" means, you'll realize that you're not being sarcastic or insightful, and that it is most certainly "an entire separate computer" but also there are already probably 50 "entire separate computers" on their motherboard.

          Even what appears to be an analog op-amp is actually an "entire (digital) computer."

    • So how long until this chip wants to find Sarah Conner?
    • Is the T2 chip really needed to implement a simple hardware disconnect? Also, is this terribly useful anyway, because hackers can still eavesdrop with the lid open? (99% of the time, the computer will be asleep or off with the lid closed anyway.)

      No.

      The T2 chip does a BUNCH of stuff. This was something that took two dedicated pins/pads and a single transistor in the chip.

      Why not?

    • Any system with remote management features made in the last decade have ways of being woken up remotely. Wake-on-LAN, vPro / AMT, etc

    • Is the T2 chip really needed to implement a simple hardware disconnect?

      You can't just disconnect the wire, you have to gently reduce the signal or you'll generate a bunch of crackle and pop.

      Plus, you'd at least need a transistor. So, an IC. But with just that, you'd also need a capacitor and resistor to prevent the crackle/pop.

      They can make their own IC for about the same price that they'd pay for a discrete transistor, and they'd both be the same tiny package. But their own IC would have its own capacitors and resistors built in; it would cost less and use less space!

      If it wa

  • Errr Title? (Score:4, Insightful)

    by thegarbz ( 1787294 ) on Tuesday October 30, 2018 @05:09PM (#57564675)

    Title: Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone
    Summary: "This disconnect is implemented in hardware alone, and therefore prevents [snip] even the software on the T2 chip, from engaging the microphone when the lid is closed,"

    So...

    • So what? Itâ(TM)s implemented in the chip but not software controllable. Seems pretty straightforward.

      • So what? Itâ(TM)s implemented in the chip but not software controllable. Seems pretty straightforward.

        Exactly.

        And since laptops like the new MacBook Air have MULTIPLE microphones for better phone-call and "Hey, Siri" operation, it is easier to implement a hardware-switch electronically than mechanically. And since Apple was building this chip anyway, why not stick a 3 channel Analog Switch with a single Enable line in the same chip?

      • Well I guess in this brave new world we need to throw silicon at things that could be easily achieved via a dumb switch.

        • It isn't as easy as you think; unplug a microphone without turning the gain down. Hear anything?! If you didn't hear a bunch of noise, it means whatever you were unplugging it from didn't use a dumb switch, it either used some silicon or some external passive components to prevent the pop. Anything like a laptop where space is at a premium and it is being manufactured in large quantities, then throwing silicon at the problem is cheaper than the passives. Better results, too.

          • It isn't as easy as you think; unplug a microphone without turning the gain down.

            So ... use a switch with two contacts, one to alert the audio chip that the mic is unplugged.

            Yes actually it is precisely as easy as I think. I design exactly these kinds of audio circuits, in the past for a living, now for a hobby.

            then throwing silicon at the problem is cheaper than the passives

            The thing with passives is you already have them, unless you're not using "hardware" to detect conditions as the summary would imply.

    • by AmiMoJo ( 196126 )

      It's not even new, this kind of thing has been on laptops for decades. I remember similar stuff back in the 90s, where a physical switch would be actuated by closing the lid and disable stuff like the screen backlight and the microphone. Back then Windows' power management was a joke so manufacturers used hardware switches.

  • by Anonymous Coward

    Judgement Day

    It's a more advanced version of the T1, sent back from the future to kill the leader of the resistance.

  • No, it doesn't work on the camera.

    • To be fair, they said it doesn't work on the camera because the camera's view isn't exactly problematic when the lid is closed. ;)

  • by hawguy ( 1600213 ) on Tuesday October 30, 2018 @05:27PM (#57564781)

    Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.

    • So which laptop that you designed has this simple feature?

      Oh thatâ(TM)s right, you didnâ(TM)t think of it. Just like everyone else.

      • by hawguy ( 1600213 )

        So which laptop that you designed has this simple feature?

        Oh thatâ(TM)s right, you didnâ(TM)t think of it. Just like everyone else.

        I know you assume that since I'm posting on Slashdot that I'm an expert in the field, but I not actually a laptop design engineer.

        I tried to find the forum post where I suggested exactly this feature a couple years ago, but I don't remember where it was. A hardware switch to physically disable the camera and microphone sounds like such a no-brainer than I didn't think anyone would think it was innovative or hard to imagine.

        • It isnâ(TM)t, and yet no laptops have it. The story here isnâ(TM)t that lid switches are innovative, itâ(TM)s that finally a company understands that privacy is a feature.

          • by aybiss ( 876862 )

            No, the story here is that a company has created special hardware to behave like a switch. Special hardware which is so ridiculously complex for the job at hand, that it's almost guaranteed to be exploitable.

      • Oh thatâ(TM)s right, you didnâ(TM)t think of it.

        Thanks Jar-Jar. What do they call switches on your planet?

    • by Uberbah ( 647458 )

      Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.

      Right. Just like it wasn't innovative to have a power cord that attaches magnetically, and easily separates from the laptop when your pet/child/own clumsy ass trips over the cord without sending the computer to the floor, because rice cookers had them over a decade ago. So very obvious that it wasn't in

      • by hawguy ( 1600213 )

        Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.

        Right. Just like it wasn't innovative to have a power cord that attaches magnetically, and easily separates from the laptop when your pet/child/own clumsy ass trips over the cord without sending the computer to the floor, because rice cookers had them over a decade ago. So very obvious that it wasn't innovative - yet only one company thought to try it.

        If that's such a great laptop innovation, then why isn't Apple using them anymore?

        • by Uberbah ( 647458 )

          That Apple has developed an unhealthy Air fetish (minimizing laptop dimensions to the detriment of usability) in no way diminishes the advantages of a magnetically-attaching power cord. The company has more money than God, there's no reason why they can't have a minimalist Air line and a proper Pro line at the same time.

      • by AmiMoJo ( 196126 )

        So very obvious that it wasn't innovative - yet only one company thought to try it.

        It's not that it was a great innovation, it's that only Apple thought people would pay for it. The magsafe connector was expensive, made of 14 separate parts and that's just the charger side. It also required the computer and charger to carefully manage the power delivery to avoid shorts, further adding to cost.

        Apple laptops are expensive devices with high profit margins, so Apple could afford to spend the money on such a connector.

        You will note that the magsafe connectors on cooking equipment were almost e

        • Apple laptops are expensive devices with high profit margins, so Apple could afford to spend the money on such a connector.

          You don't seem to have really internalized what having a high profit margin means.

          You're saying, "Gosh, they could just have a low profit margin on their device instead." While true, it isn't a useful point.

          As a consumer I certainly don't want to buy a device with a high profit margin! I certainly wouldn't go around expecting such devices to have quality parts. That would be insane.

    • by Agripa ( 139780 )

      Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.

      This switch implementation by Apple is innovative because it may be secretly bypassed in software for lawful surveillance purposes.

  • ...we don't even have drivers for that, so we don't have that issue :)
  • so in the new mac pro storage capped at pci-e x4 stacked off of the t2 chip??

    so even if it has 4 pci-e disk at X4 each they will all be locked to the T2 at pci-e X4?

  • When you rotated the barrel of the camera, physical blades would block the lens completely.

    Nowadays you have to use a piece of tape to accomplish that simple task. Why not just have a little physical slider, built into the laptop, which would obscure the lens?

  • "[...] The camera isn't disconnected, however, because its "field of view is completely obstructed with the lid closed."

    That's a perfect idea ... until someone comes up with a way to record audio through fluctuations in the camera's output due to the shifting patterns of air pressure.

  • These phones are mostly built in red China.
  • The information that you provided above is so relevant to know about Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Microphone. Thanks for sharing. Still anyone wants to know more about Apple Mac then i suggest you to read https://www.mactechnicalsuppor... [mactechnic...umbers.com] blog, to gathered more information.
  • remember, the T2 chip is also used to disable the computer when it detects non-apple replacement parts.
    this is just a stupid story to take your attention away from that fact and have you think that having the T2 chip in your computer is a good thing.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...