loader from loading.io

Apple's T2 Vulnerabilities plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Release Date: 10/16/2020

AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Computer Repair, Hunter Biden's Laptop and Scully's Tweet  show art AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Computer Repair, Hunter Biden's Laptop and Scully's Tweet

Craig Peterson - America's Leading Security Coach

Welcome! Good morning, everybody. I was on WTAG this morning with Jim Polito.  We got into a lengthy discussion about Hunter Biden and the legitimacy of the emails and how to tell, also about computer repair shops and then a little about Steve Scully's tweet and his lies about it. Here we go with Jim. For more tech tips, news, and updates visit - ---  Automated Machine Generated Transcript: Craig Peterson: [00:00:00] That is a dead give away and these news agencies such as Fox who have seen both emails, I'm sure dug into it because they said these emails were legitimate because we...

info_outline
AS HEARD ON NH Today WGIR-AM 610: Election Security and Federal Warning about Nation-State Actors accessing Vulnerabilities show art AS HEARD ON NH Today WGIR-AM 610: Election Security and Federal Warning about Nation-State Actors accessing Vulnerabilities

Craig Peterson - America's Leading Security Coach

Welcome, Good Monday morning, everybody. Craig Peterson here. You will find here a different host this morning on NH Today. Jack Heath has moved on to another radio group. I was on with Scott Spradlin. We discussed election security in the light of revelations by the FBI and DHS about Nation-State Actors accessing our election systems through known vulnerabilities. Here we go with Scott.  These and more tech tips, news, and updates visit. -  ---  Automated Machine Generated Transcript: Craig Peterson: How vulnerable are the web pages where these final tallies are as well. So...

info_outline
Trojan Worm Infecting Republicans through Phishing Scam plus more on this Tech Talk with Craig Peterson Podcast show art Trojan Worm Infecting Republicans through Phishing Scam plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses a new Phishing Scam that is targeting Republicans with a legitimate email but that adds an attachment with a nasty trojan payload.   For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Hi, everybody. We're going to be talking about some new Trojan malware that targets Trump supporters. Some new tools that are out there. Ransomware being paid by one of the country's biggest online providers right here. Hey everybody. I'm Craig Peterson. Today we are going to with no...

info_outline
Security Tools You Can and Should Use plus more on this Tech Talk with Craig Peterson Podcast show art Security Tools You Can and Should Use plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses one of the security tools he uses and why you should use it too. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Remember everybody, don't open those email attachments.  I'm going to talk about a new tool released out there that if you're involved with security, you probably need it. So here we go. Hi everybody. Craig Peterson here.  I want to talk right now about this great tool that I've been using for decades now, I think. It's called Nmap. Now it's something that I...

info_outline
Ransoming Local and State Governments plus more on this Tech Talk with Craig Peterson Podcast show art Ransoming Local and State Governments plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses why State and Local governments are getting ransomware and who is actually at fault. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Hey, Tyler technologies, you might not have heard of them, but you've almost certainly use them. And we'll tell you why they got nailed by these human-operated ransomware pieces that are floating around there as part of phishing expeditions. Here we go. Hey, thanks for joining me. This is Craig Peterson of course. Tyler technologies, you might not...

info_outline
5G Speeds and What is Really going on plus more on this Tech Talk with Craig Peterson Podcast show art 5G Speeds and What is Really going on plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses 5G and explains how it works why what you may have heard about 5G speeds might have a bit misleading. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Are you as excited about five G as I am? I got some good news and I got some bad news and we're going to explain 5g here because five G, isn't five G, isn't five G.  Why is Europe so much faster? Hey everybody. Thanks for tuning in. You're listening to Craig Peterson. five G held open a couple of different promises. One of the big promises of five G was...

info_outline
 Uncovering the Mystery of Disk Encryption plus more on this Tech Talk with Craig Peterson Podcast show art Uncovering the Mystery of Disk Encryption plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig helps to unravel the mystery behind disk encryption and tells you what you need to know. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Hey, welcome back in this hour, we are going to be talking about security, hardware, security. You might not be aware of it. we're going to be talking about trusted platforms and hardware, encryption, and keys because this is the only thing that's really going to protect you.  Thanks for listening. I'm Craig Peterson. Let's talk about that security....

info_outline
Apple's T2 Vulnerabilities plus more on this Tech Talk with Craig Peterson Podcast show art Apple's T2 Vulnerabilities plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses the vulnerabilities in Apple's T2 Chip. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Hey, if encryption has been really messing you. I'm trying to figure out how do I make these things safe? What is data at rest? What is Data-in-flight? How come we have disc encryption at the hardware level? What does it mean to have a TPM, the T2  what's Apple doing that's what we're talking about right now. Hi everybody. Craig Peterson here. Welcome back. So glad to have you.  I...

info_outline
Using TPM to Secure Windows and Linux Operating Systems plus more on this Tech Talk with Craig Peterson Podcast show art Using TPM to Secure Windows and Linux Operating Systems plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses the uses of TPM in securing Windows and Linux For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] We're going to delve now into the idea behind keeping your data safe on your disks and what are the different regulations about it? Cause there's a few right now that you need to know about. Hi everybody. Welcome back, Craig Peterson  We're talking today, at least this hour about security because of a major security problem that was announced this week, about Apple's security chip,...

info_outline
Business PCI Compliance and Android Ransomware plus more on this Tech Talk with Craig Peterson Podcast show art Business PCI Compliance and Android Ransomware plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses PCI DSS Compliance in businesses and the increasing problem with Android ransomware. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] If you have a business that takes credit cards if you. Ever go into a business or use a business online that takes credit cards. There are some special rules that you need to follow called the PCI standards. We'll talk about it. Hi, welcome back. This is Craig Peterson here. Verizon. I'm not sure if you've seen these before, but Verizon has...

info_outline
 
More Episodes

Craig discusses the vulnerabilities in Apple's T2 Chip.

For more tech tips, news, and updates, visit - CraigPeterson.com

---

Trojan Malware Targets Trump Supporters

Nmap 7.90 released: New fingerprints, NSE scripts, and Npcap 1.0.0

Tyler Technologies finally paid the ransom to receive the decryption key

5G in the US averages 51Mbps while other countries hit hundreds of megabits

Appleā€™s T2 security chip has an unfixable flaw

Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance

Android Ransomware Has Picked Up Some Ominous New Trick

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] Hey, if encryption has been really messing you. I'm trying to figure out how do I make these things safe? What is data at rest? What is Data-in-flight? How come we have disc encryption at the hardware level? What does it mean to have a TPM, the T2  what's Apple doing that's what we're talking about right now.

Hi everybody. Craig Peterson here. Welcome back. So glad to have you.  I appreciate you being with me today and by the way, you can get all of this background information by going online. If you are on my email list over the weekend.

I will send out an email that has all of the articles I'm talking about here today. So go to Craig peterson.com/subscribe. All right.

We were just talking about the whole T2 problem that Apple has on their hands right now on macs. This new jailbreak now is allowing researchers to probe this T2 chip and explore all of the security features. That is not a good thing. You can even use it to run Linux on the T2, because this chip, the security module is a computer. You can play doom on the Mac book pros, touch bar doing this. This jailbreak could really be weaponized by malicious hackers as well to disable macOS security features like the system integrity protection, which is used to stop people from modifying files that should not be modified.

It also could turn off secure boot and install Mount malware, which is a real problem. We've got, these machines are no longer using the bios. Now they're using more advanced stuff, the UEFI stuff. That is also an operating system in and of itself, much more advanced than we had ever seen before with bios.

Now there is another T2 vulnerability that was publicly disclosed in July by a Chinese researcher group. This particular jailbreak could also be used to obtain file vault encryption keys, and to decrypt user data. This is good. Okay. Because the vulnerability is unmatchable because this flaw is at a low level.

It is in the hardware inside this T2 chip. It is an unchangeable code. In the hardware, it's the firmware. Now the T2 chip, as you can probably tell, is designed and intended to be a lockbox inside the macs. Something where information can be restored, where information can be read from it's used to generate a cryptographically secure key.

It's used to hold those keys. Handling things like lost mode enforcement, where a computer is lost and you have to log in using your Apple account in order to get it back online. It's bad. Integrity checking all of these different privileges. So it is a very big deal that this chip has been compromised.

Now the good news is longer term. There's a couple of pieces, but one is now we know about it. We know how these groups were breaking into Apple equipment. They did not expose it. Under President Trump, the national security agency has been ordered to release information about vulnerabilities that it finds.

And the idea there is, okay, NSA, you have all of these cooked up vulnerabilities that allow you to get into windows machines and iMacs and phones, et cetera. if you can figure it out, odds are good that the Chinese, the Russians, the North Koreans, maybe some others like Iran, odds are good that they can figure it out as well.

So NSA, you need to tell the vendors of these different pieces of hardware and software, when you find a vulnerability. if you ask me, I suspect that the NSA and CIA keep a few of these hacks in their back hip pocket, but they actually have been following President Trump's directive, which is absolutely phenomenal in my mind.  It's, it is silly slash stupid to have these government agencies know about problems, like what we're talking about right now, this T2 chip problem. How long have government agencies known about it? We don't know because this has been reported by two different security researchers at this point. So that's good news. Frankly, because in future versions, we'll have this fixed as time goes on, everything's going to get locked down better and better, but there are some important limitations of this jailbreak as well.

So this is not a full-blown security crisis. So the first is that an attacker would need physical access in order to target your Mac computer or your iPhone. So that's number one, they have to have their hands on it. So the tool can only run off of another device over the USB port to use the buses inside the mac to get to the T2 chip.

So that means that hackers can't remotely infect macs. They can't mass infect every Mac that has a T2 check chip in it. They could jailbreak a target device and then disappear. Here is the good news the compromise if they were to break in and put some malware into your Mac, it isn't persistent. In other words, when that T2 chip is rebooted, the jailbreak goes away.

Then the compromise that they did to that T2 chip goes away. I should point out too, that at least right now, I suspect Apple's probably going to be able to come up with a patch for this in the operating system. But right now it's important to note that, T2 chip itself does not necessarily reboot every time the device does. So to make certain that you, that your Mac has not been compromised.

So if you're going to China and I'm dead serious about this, China's known to sneak into hotel rooms and steal everything that they can that's on your computers.  If they have to they'll steal it in an encrypted fashion.  That's the whole idea behind the trusted platform stuff in the T2 chips.

 To be certain that it has not been compromised by jailbreak the T2 chip has to be restored to Apple default. So the jailbreak does not give an attacker instant access to encrypted data. It could allow hackers to install key loggers or other malware. They could later grab decryption keys or it could make it easy brute force attack it.

But this particular hack we're talking about right now, this is the check RA1N or check rain. It's not a silver bullet there.  When we look at this as a whole, the T2 chip compared with other vulnerabilities, there are other vulnerabilities, plenty of them.

Most of them are sitting at the keyboard. It's the wetware two and me a 60 plus percent of the time when there is a hack of some sort it's because of something you or I did. So remember that there's plenty of other vulnerabilities. This is a difficult one. I would turn off my computer, my Mac entirely, boot it from scratch every time that should get that T2 chip to reboot.

I think that's an important thing. So anytime someone else may have access to your Mac, just shut it down. That's important too because there are other hack techniques that include freezing the memory on the computer. They can just use canned air, hold it upside down so that liquid comes out, spray it on the memory.

Pull the memory, which you cannot do by the way in the latest Mac books, it is soldered on, but pull the memory and get direct access to it. It will keep some of the keys in memory. That's a very difficult way to do it. Apple has some things still built in that are still functional that can and will stop that type of a hack.

Okay. And when we get back, we're going to talk more about the hardware security, what you can do, the different levels of it, and everything else. Your listening to Craig, Peterson.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553