Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Password cracking tool can slowly hack T2 Mac passwords

MacBook Pro

Last updated

A company that makes a password cracking tool says that a new vulnerability found in the Mac T2 chip allows it to brute force passwords and decrypt a device.

Apple's T2 chip, among other features, allows a Mac user to encrypt and decrypt data on their SSD. That encryption is bolstered by other security features, like a limit on the number of password attempts to mitigate brute force attacks.

Because a Mac's password isn't stored on its SSD, bypassing this encryption meant that an attacker would need to brute force the decryption key, which could take millions of years. However, a company called Passware says it can now defeat this security mechanism.

Passware's unlocking tools were previously able to crack passwords on Macs without the T2 chip. However, earlier in February, the company quietly announced an add-on to the latest version of the software can bypass the brute force mitigation protections on a T2 chip.

That module available for the Passware tool apparently exploits a new T2 chip vulnerability to circumvent the password attempt limit. The end result is that an attacker can apply a password dictionary and brute force a Mac's password, allowing them to potentially decrypt the device's data.

Passware-enabled attacks are slow, however. The company's password cracking tool can guess 15 passwords per second. If a user's password is relatively long, brute forcing a Mac could still take thousands of years. Shorter passwords are more vulnerable, with a six-character password crackable in about 10 hours.

The company is also offering a dictionary of about 550,000 commonly used passwords alongside a longer dictionary of about 10 billion passwords.

Password's T2-bypassing tool is available both to government customers and companies that can provide a valid justification for its usage. It costs $1,990.

Brute forcing a Mac's password requires physical access to your device, so the feature isn't going to be a significant concern for most users. Users who lock down their Mac with a longer and strong device password can also rest easy knowing that a brute force attempt could take thousands of years.

Similarly, the flaw only applies to Intel-based Macs with a T2 chip. Mac devices with Apple Silicon or M1 chips are unaffected.



6 Comments

tyler82 1107 comments · 18 Years

Which is why using long mixed character passwords for all your devices and accounts is so important!

lkrupp 10521 comments · 19 Years


Brute forcing a Mac's password requires physical access to your device, so the feature isn't going to be a significant concern for most users. Users who lock down their Mac with a longer and strong device password can also rest easy knowing that a brute force attempt could take thousands of years.

Whew! I can sleep better tonight. Another apocalypse averted. Chicken Little is wrong once again.

markbyrn 662 comments · 14 Years

I wonder how many will read about this and change their five-letter dictionary password to something a bit more robust.  The article begs a question though; is the flaw fixable by Apple with a T2 firmware update or not? 

MichaelKohl 25 comments · 4 Years

markbyrn said:
The article begs a question though; is the flaw fixable by Apple with a T2 firmware update or not? 

No, it is not possible to do a T2 firmware and if it was, then hackers could just apply their "special" firmware update. It is patched for new M1 machines.

rwes 200 comments · 11 Years

markbyrn said:
The article begs a question though; is the flaw fixable by Apple with a T2 firmware update or not? 
No, it is not possible to do a T2 firmware and if it was, then hackers could just apply their "special" firmware update. It is patched for new M1 machines.

That’s not how firmware updates work (I don’t think)… just about all are now signed so a back actor can’t do exactly that; install their “special” firmware update. If anyone could go updating firmware, people/hackers would certainly already be exploring that.

*If* this is addressable by a firmware update, Apple will have one out in short order I’m sure.