With news that M1 Macs have already become the target of malware – and especially in the light of the Silver Sparrow case – you may be wondering if Apple has made a mistake moving to the new processor architecture, but the good news is that there are a lot of measures in place that should mean M1 Mac users are even more highly protected than their Intel Mac counterparts.
At regular intervals Apple publishes the Apple Platform Security Guide, a comprehensive, English-language PDF manual about Apple’s security concept for iOS, macOS, and other platforms. It is intended primarily for corporate customers who want more technical background on Apple’s Secure Enclave or Neural Engine, but it is also very useful for interested Mac users and details many of the security functions in the operating system and hardware. In the current version (published in February) you can, for the first time, find out many details about the security functions of Apple’s M1 CPU, which features in the November 2020 MacBook Air, 13in MacBook Pro and Mac mini.
Of particular interest are the many parallels in the structure of the M1 and A14; the M1 chip has almost the same security measures as the iPhone CPU. Many of these security measures, such as ‘Pointer Authentication Codes’ or ‘Sealed Key Protection’, will only be of interest to experts. But some, such as Face ID, will have an impact on everyday users.
Protection of user data
If there is a system problem and the Mac is booted with a rescue system, the user data is automatically protected. This also applies during firmware updates, DFU mode or software updates. This is a big contrast to the Intel devices, whose data could be accessed via hard disk mode, for example. One thing that still feels unusual is that you can update an M1 Mac using a second Mac and Apple Configurator.
Third-party providers can also use a new file-level encryption on a Mac with an M1 chip. The advantage of encryption using an M1 chip is that sensitive data is better protected without disrupting system performance. This technology, called “Data Protection”, uses AES-256 from the M1 and A14 onwards; AES-128 was previously used.
A special feature that Apple already uses for its iPhones is a secure boot process. In contrast to the Intel Mac, there is no longer a boot partition for the M1 Mac. Before the system starts, the M1 chip checks that the macOS system software loaded during the startup process is authorised by Apple. This authorisation is also continuously protected in the background. For the user, however, this also has the disadvantage that old backup methods such as cloning a system (e.g. with Carbon Copy Cloner) to an external storage medium no longer work, for the time being at least. As a result, the Mac should be protected from malware attacks during the boot process.
Protection against data theft
The Sealed Key Protection technology is only available for devices with Apple CPUs. This is to prevent encrypted data from being copied from a device to a storage medium and later decrypted.
The technology is presented in more detail on Apple’s website.
Current Secure Enclave
The Secure Enclave was introduced by Apple with the iPhone 5S and has been continuously improved. The current version is integrated in the M1 and offers new and improved functions compared to the T2 chip, such as a boot monitor and a second generation Secure Storage Component.
As with the A14, the M1’s Secure Neural Engine is integrated into the processor’s neural engine. However, there is a separate security controller that switches between the tasks of the application processor and the secure enclave. After each use, for example, the status of the Neural Engine is reset to protect the Face ID data.
Memory Protection Engine
The memory of the new Macs is specially protected; this is the task of the Memory Protection Engine. More details on
Hardware shutdown on Mac and iPad
Another interesting new function, which some newer Intel Macs already feature, is the hardware shutdown.
Some spy programs were able to remotely switch on the microphone of a Mac or iOS device. From the MacBook Pro and MacBook Air 2019 onwards, the microphone is switched off by hardware when the lid is closed. Software then no longer has access, even with root rights. (As Apple notes, the camera is covered anyway when the lid is closed.)
From 2020 iPads will also have such a function – triggered by a case. If the display is covered with an MFI case (not only from Apple), the microphone connection is immediately disconnected on the hardware side.
This article originally appeared on Macwelt. Translation by Karen Haslam.