Apple’s New T2 Security Chip Includes Microphone Kill Switch
The microphone disconnect feature is the most eye-catching feature introduced with the Apple’s new T2 security chip, as it ensures the device’s microphone is disabled whenever its lid is closed. On the 13-inch MacBook Pro and MacBook Air it’s implemented solely in hardware, meaning that no software can be used to engage the microphone, even if it has root or kernel privileges in macOS.
This is particularly important following the discovery of the Fruitfly malware in 2017, a highly-invasive malware for Macs that went undetected for several years. Very little is known about it, other than the fact that whoever controls it is able to remotely take total control of an infected device, including spying on users through the webcam. You can read more about this here.
Apple makes a point of stating that T2 doesn’t automatically disconnect the camera in hardware as its field of view is completely obstructed if the lid is closed, so a potential hacker wouldn’t be able to see anything anyway.
Another major security enhancement is the new Secure Boot setting, which ensures that only your current OS, or signed operating system software currently trusted by Apple, can run on startup. This is automatically set to ‘Full Security’ unless you manually downgrade it, and also won’t allow you to boot from any external media, such as USB or Thunderbolt drives, offering increased protection from hackers.
In this document released October 30, Apple outlines the main features and benefits of the new T2 security chip, which you can find in all Mac mini, MacBook Air and MacBook Pro models from 2018, as well as the iMac Pro. It’s designed to deliver “new capabilities” to your machine by redesigning and integrating the best features of several controllers found in other Mac computers, such as the System Management Controller.
The T2 is essentially an enhanced version of the T1, which was launched with the 2016 MacBook Pro. The main additions are an audio controller, image signal processor, and a mass storage controller (which includes an AES engine to encrypt your data). Improvements have also been made to existing features such as the Secure Enclave coprocessor, which is responsible for making sure your fingerprint can’t be spoofed by anyone else.
You can learn whether or not your Mac has a T2 chip in System Information. Simply press and hold the Option key, select either Controller or iBridge in the sidebar, and look for ‘Apple T2 chip’ on the right-hand side.