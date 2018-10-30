Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone (techcrunch.com) 119

Posted by BeauHD from the safety-first dept.
An anonymous reader quotes a report from TechCrunch: Buried in Apple's latest range of MacBooks -- including the MacBook Pro out earlier this year and the just-announced MacBook Air -- is the new T2 security chip, which helps protect the device's encryption keys, storage, fingerprint data and secure boot features. Little was known about the chip until today. According to its newest published security guide, the chip comes with a hardware microphone disconnect feature that physically cuts the device's microphone from the rest of the hardware whenever the lid is closed. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed," said the support guide. The camera isn't disconnected, however, because its "field of view is completely obstructed with the lid closed." Apple said the new feature adds a "never before seen" level of security for its Macs, without being quite so blunt as to say: Macs get malware too.

  • T2 chip? (Score:3)

    by b0s0z0ku ( 752509 ) on Tuesday October 30, 2018 @06:06PM (#57564641)
    Is the T2 chip really needed to implement a simple hardware disconnect? Also, is this terribly useful anyway, because hackers can still eavesdrop with the lid open? (99% of the time, the computer will be asleep or off with the lid closed anyway.)

    • Re: (Score:2)

      by msauve ( 701917 )
      Yep. No need for some special "T2" chip - all (?) laptops have a lid switch, and stopping an analog signal based on it being closed isn't high tech.

      Next week, we'll hear of some security flaw which allows evildoers to listen in based on fluctuations in SSD access times, or some such.

      • The wheel is pretty easy to implement too.

        • Re: (Score:2)

          by msauve ( 701917 )
          If the thunder don't get you then the lightning will.

          • Re: (Score:2)

            by rworne ( 538610 )

            Unfortunately, we are not talking about or thunderbolt or lightning ports. The cameras on all modern Macs are USB devices.

            • Re: (Score:2)

              by msauve ( 701917 )
              "we are not talking about or thunderbolt or lightning ports. "

              Please state your confusion in the form of a coherent question.
        • I didn't know T2 [wikipedia.org] came in chip form, usually it's either loose-leaf or in small packets.

          • The T2 is found directly between the T1 and T3, and counting down from the base of the skull, it is the 9th vertebra. It serves as the anchor point for your second rib on your posterior side, which in turn connects anteriorly with your sternum at the sternal angle, (where the manubrium, or upper part of the sternum, meets the sternal body, (a.k.a. your breast bone,) around the front side of your thorax).

            (Okay, I might have had to reach for the old anatomy textbook for SOME of that information...)

      • for a minute there i thought they were going to stop the baseband processor being used to remotely listen on iphones. silly me.

    • Re:T2 chip? (Score:4, Insightful)

      by Rick Schumann ( 4662797 ) on Tuesday October 30, 2018 @06:27PM (#57564779) Journal

      Is the T2 chip really needed to implement a simple hardware disconnect?

      No, but since it must be a totally proprietary ASIC, they threw in an analog switch, tied it's enable line to the state of the lid switch, and routed the microphone signal through the analog switch, then provide a 'MIC_OUT' pin to go to whatever handles audio.

      • Given the additional functionality this thing provides (as you said, the mic disable thing is pretty easy), I would be surprised if it's pure ASIC, though some of the ASICs available now are pretty complex. I was thinking it was some kind of minimalist CPU with embedded RAM, etc. It would be interesting to know the provider...

        • Given the additional functionality this thing provides (as you said, the mic disable thing is pretty easy), I would be surprised if it's pure ASIC, though some of the ASICs available now are pretty complex. I was thinking it was some kind of minimalist CPU with embedded RAM, etc. It would be interesting to know the provider...

          That's easy: Apple.

          They have been designing custom silicon since the Apple ][ days. Seriously.

      • Is the T2 chip really needed to implement a simple hardware disconnect?

        No, but since it must be a totally proprietary ASIC, they threw in an analog switch, tied it's enable line to the state of the lid switch, and routed the microphone signal through the analog switch, then provide a 'MIC_OUT' pin to go to whatever handles audio.

        Exactly. Took 5 minutes of engineering time, max.

      • They should have dedicated an entire separate computer to the task of switching off audio. Clearly they still haven't made it complicated enough yet.

    • So how long until this chip wants to find Sarah Conner?

    • Is the T2 chip really needed to implement a simple hardware disconnect? Also, is this terribly useful anyway, because hackers can still eavesdrop with the lid open? (99% of the time, the computer will be asleep or off with the lid closed anyway.)

      No.

      The T2 chip does a BUNCH of stuff. This was something that took two dedicated pins/pads and a single transistor in the chip.

      Why not?

    • Any system with remote management features made in the last decade have ways of being woken up remotely. Wake-on-LAN, vPro / AMT, etc

  • Errr Title? (Score:4, Insightful)

    by thegarbz ( 1787294 ) on Tuesday October 30, 2018 @06:09PM (#57564675)

    Title: Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone
    Summary: "This disconnect is implemented in hardware alone, and therefore prevents [snip] even the software on the T2 chip, from engaging the microphone when the lid is closed,"

    So...

    • So what? Itâ(TM)s implemented in the chip but not software controllable. Seems pretty straightforward.

      • So what? Itâ(TM)s implemented in the chip but not software controllable. Seems pretty straightforward.

        Exactly.

        And since laptops like the new MacBook Air have MULTIPLE microphones for better phone-call and "Hey, Siri" operation, it is easier to implement a hardware-switch electronically than mechanically. And since Apple was building this chip anyway, why not stick a 3 channel Analog Switch with a single Enable line in the same chip?

      • Well I guess in this brave new world we need to throw silicon at things that could be easily achieved via a dumb switch.

    • Re: (Score:2)

      by AmiMoJo ( 196126 )

      It's not even new, this kind of thing has been on laptops for decades. I remember similar stuff back in the 90s, where a physical switch would be actuated by closing the lid and disable stuff like the screen backlight and the microphone. Back then Windows' power management was a joke so manufacturers used hardware switches.

  • T2 (Score:1)

    by Anonymous Coward

    Judgement Day

    It's a more advanced version of the T1, sent back from the future to kill the leader of the resistance.

  • No, it doesn't work on the camera.

    • To be fair, they said it doesn't work on the camera because the camera's view isn't exactly problematic when the lid is closed. ;)

  • A switch? (Score:3)

    by hawguy ( 1600213 ) on Tuesday October 30, 2018 @06:27PM (#57564781)

    Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.

    • So which laptop that you designed has this simple feature?

      Oh thatâ(TM)s right, you didnâ(TM)t think of it. Just like everyone else.

      • Re: (Score:2)

        by hawguy ( 1600213 )

        So which laptop that you designed has this simple feature?

        Oh thatâ(TM)s right, you didnâ(TM)t think of it. Just like everyone else.

        I know you assume that since I'm posting on Slashdot that I'm an expert in the field, but I not actually a laptop design engineer.

        I tried to find the forum post where I suggested exactly this feature a couple years ago, but I don't remember where it was. A hardware switch to physically disable the camera and microphone sounds like such a no-brainer than I didn't think anyone would think it was innovative or hard to imagine.

        • It isnâ(TM)t, and yet no laptops have it. The story here isnâ(TM)t that lid switches are innovative, itâ(TM)s that finally a company understands that privacy is a feature.

          • Re: (Score:1)

            by aybiss ( 876862 )

            No, the story here is that a company has created special hardware to behave like a switch. Special hardware which is so ridiculously complex for the job at hand, that it's almost guaranteed to be exploitable.

    • Re: (Score:3)

      by Uberbah ( 647458 )

      Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.

      Right. Just like it wasn't innovative to have a power cord that attaches magnetically, and easily separates from the laptop when your pet/child/own clumsy ass trips over the cord without sending the computer to the floor, because rice cookers had them over a decade ago. So very obvious that it wasn't in

      • Re: (Score:2)

        by hawguy ( 1600213 )

        Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.

        Right. Just like it wasn't innovative to have a power cord that attaches magnetically, and easily separates from the laptop when your pet/child/own clumsy ass trips over the cord without sending the computer to the floor, because rice cookers had them over a decade ago. So very obvious that it wasn't innovative - yet only one company thought to try it.

        If that's such a great laptop innovation, then why isn't Apple using them anymore?

        • Re: (Score:2)

          by Uberbah ( 647458 )

          That Apple has developed an unhealthy Air fetish (minimizing laptop dimensions to the detriment of usability) in no way diminishes the advantages of a magnetically-attaching power cord. The company has more money than God, there's no reason why they can't have a minimalist Air line and a proper Pro line at the same time.

      • Re: (Score:2)

        by AmiMoJo ( 196126 )

        So very obvious that it wasn't innovative - yet only one company thought to try it.

        It's not that it was a great innovation, it's that only Apple thought people would pay for it. The magsafe connector was expensive, made of 14 separate parts and that's just the charger side. It also required the computer and charger to carefully manage the power delivery to avoid shorts, further adding to cost.

        Apple laptops are expensive devices with high profit margins, so Apple could afford to spend the money on such a connector.

        You will note that the magsafe connectors on cooking equipment were almost e

  • ...we don't even have drivers for that, so we don't have that issue :)

  • so in the new mac pro storage capped at pci-e x4 stacked off of the t2 chip??

    so even if it has 4 pci-e disk at X4 each they will all be locked to the T2 at pci-e X4?

  • When you rotated the barrel of the camera, physical blades would block the lens completely.

    Nowadays you have to use a piece of tape to accomplish that simple task. Why not just have a little physical slider, built into the laptop, which would obscure the lens?

  • "[...] The camera isn't disconnected, however, because its "field of view is completely obstructed with the lid closed."

    That's a perfect idea ... until someone comes up with a way to record audio through fluctuations in the camera's output due to the shifting patterns of air pressure.

  • These phones are mostly built in red China.

