Saturday, November 23, 2024

Passware managed to find T2 Macs password by brute force

Must read

Jillian Castillo
Jillian Castillo
"Proud thinker. Tv fanatic. Communicator. Evil student. Food junkie. Passionate coffee geek. Award-winning alcohol advocate."

the society Pasoirewhich specializes in brute force unlocking solutions for Mac and PC devices, has managed to “break” the T2 chip. But beware, the process takes anywhere from 10 hours to … several thousand years, depending on the password and its length. But this is still possible thanks to the vulnerability exploited by the company, whose clients are mainly law enforcement but also businesses.

The T2 chip is in the center of the iMac Pro motherboard. picture iFixit (CC BY-NC-SA).

Password software already knows how to recover passwords from old Macs (without a T2 chip) and decrypt FileVault-protected volumes with brute force technology: thanks to GPU acceleration, the program can test tens of thousands of passwords per second, allowing it to quickly crack into machines. .

The T2 chip that opened in 2018 (and still runs in the latest Intel Macs in the catalog) made things even more difficult. Its secure enclosure keeps your Mac’s password, while it was previously in your computer’s storage. In addition, the chip limits the number of attempts to enter passwords, with increasingly long waiting times (read file white book on the T2 chip.

iMac Pro review 2017: Everything you need to know about the T2 chip and secure boot

iMac Pro review 2017: Everything you need to know about the T2 chip and secure boot

according to 9to5MacPassware has developed a way to circumvent protections that are supposed to prevent the use of brute force. Technical details are unknown, but the process is much slower: about fifteen password attempts per second. For T2 Macs that are protected with 6-character passwords, the villain can expect a result within ten hours.

The publisher explains that this new force unlocking unit is only available to governments and companies that provide a valid rationale. Very little security… It should be noted that Passware can only work with physical access to your Mac. To protect against this type of attack, you can choose a long password that does not use common words that can be found in dictionaries, and includes special characters. Easier said than done!

See also  Steamed, the unit temporarily controlled the fall of Babylon

Latest article