Hello, welcome to the Wednesday, October 7th, 2020 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich, and I'm recording from Jackstable, Florida.

I believe it was just yesterday that I talked about a UFI root kit that has been found in the wild well and today we do have a similar

story to start out with about sort of these embedded hardware slash firmware problems

this time affecting Apple's T2 security chip.

Now, first of all, what this T2 chip is trying to do is fundamentally difficult.

It's trying to protect a system from an attacker that has physical access to the system.

And of course, in the past, this has often failed, and apparently the T2 chip

doesn't get it quite right either. Now, this particular chip is not something that is sort of

standing on its own. It was developed just a security chip. It's actually based on Apple's A10 CPU that has been found in older iPhones.

And with that, well, we have a fully capable CPU. We also get pretty much a full operating system

called Bridge OS, which apparently is loosely based on watch OS.

So you have a CPU and you have a more or less fully functional operating system.

And essentially what this does is it carries over the security concept that was originally developed for the iPhone.

The iPhone in its 8-10 chip has a secure enclave processor that essentially stores things like

secrets.

And yes, this same SEP, the same secure enclave processor, also exists within the T2 chip.

And now it also has an operating system, but this operating system exists in ROM,

and that's a security feature in that it cannot physically be patched or updated.

But of course, by being based on the A10 processor and the SAP coming with that processor,

this T2 chip appears to be vulnerable to some of the same problems.

In particular, the checkmate exploit that of course has been taking advantage of now for a while to jail break iPhones.

...