The company Passware, which has made a specialty of unlocking solutions for Macs and PCs by brute force, has managed to “crack” the T2 chip. But beware, the process takes anywhere from 10 hours to…several thousand years, depending on the password and its length. But this remains possible thanks to a vulnerability exploited by the company, whose customers are mainly law enforcement but also companies.
Passware already knew how to recover passwords from older Macs (without a T2 chip) and decrypt volumes protected with FileVault with a brute force technique: thanks to GPU acceleration, the software could test tens of thousands of passwords per second, allowing him to quickly break into machines.
The T2 chip inaugurated in 2018 (and which is still at work in the latest Intel Macs in the catalog) has made things more difficult. Its secure enclave keeps the Mac password, whereas previously it was in the computer’s storage space. In addition, the chip limits the number of attempts to enter passwords, with increasingly long waiting times (read the white paper on the T2 chip).
2017 iMac Pro review: Everything you never wanted to know about the T2 chip and Secure Boot
According to 9to5Mac, Passware has developed a way to circumvent these protections that are supposed to prevent the use of brute force. The technical details are unknown, however the process is much slower: about fifteen password attempts per second. For T2 Macs protected by 6-letter passwords, the villain can expect a result within ten hours.
The publisher clarifies that this new force unlock module is only offered to governments and companies that provide valid justification. Very meager security… It should be noted that the Passware tool can only work with physical access to the Mac. To guard against this kind of attack, you can opt for a long password that does not use common words that can be found in dictionaries, and include special characters. Easier said than done !