Mac malware is more common than Apple generally likes to admit. But a new protection in the company's specialized T2 security chip hints at a sophisticated type of attack that the company may be trying to preempt.

In a white paper released after Apple's iPad Pro and MacBook Air-focused hardware event event Tuesday, the company detailed how the chip, first introduced in last year's iMac Pro, will now include a mechanism to cut off a laptop's microphone at a hardware level whenever the lid is closed. This means that no matter what malware might be running on a device—and no matter how much device access and control that malware has—there won't be a way for it to use software tricks to keep your mic listening after you close your computer.

"All Mac portables with the Apple T2 Security Chip feature a hardware disconnect that ensures that the microphone is disabled whenever the lid is closed," the company wrote in the new documentation. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed."

"It sounds like the sort of thing a state-sponsored surveillance tool might do." Thomas Reed, Malwarebytes

Apple's custom T-series chips, which debuted with the 2016 MacBook Pro's T1, are dedicated to secure processing. Conceptually similar to other secure enclave schemes, they silo sensitive tasks like secure boot, TouchID, and encryption management away from the central processor, and limit what even the most privileged system user can modify within crucial security systems.

It's not immediately clear what this new capability hopes to forestall. When you close an Apple laptop, it generally goes into a sleep mode that automatically uses software to turn off internal sensors like the device microphone. In one notable exception, a MacBook can stay awake when the device is plugged into an external monitor and then closed.

Still, while eavesdropping malware in general is well-documented, a hacking tool that could bypass Mac software protections to get a hot mic on a closed laptop would represent a significant escalation.

"I've never seen anything like that; it sounds like the sort of thing a state-sponsored surveillance tool might do," says Thomas Reed, a Mac research specialist at the security firm Malwarebytes. "That kind of malware is generally hard to find in the wild, because it's used sparingly. It makes me wonder what Apple has seen to make this necessary."

At the very least, though, the fact that Apple has added a hardware protection implies that the company thinks it may be theoretically possible to create that very thing, or has maybe even seen it in practice. The company did not return a request from WIRED for comment about why it added the protection in the T2 chip.

Regardless, when thinking about user security it never hurts to take extra precautions to lock down device sensors. It's an issue third parties have attempted to tackle as well. Mac security researcher Patrick Wardle launched a Mac app in April called Do Not Disturb that tries to protect against so-called evil maid attacks, in which someone physically monkeys with your device while you're not watching it. Do Not Disturb works by sending you a mobile alert if someone opens your laptop while you're away from it. But as Wardle pointed out at the time, most evil maid attacks take advantage of an active and awake computer. Apple is going a step farther by offering a microphone protection for a device that is supposed to be asleep.

Apple said in the T2 white paper it didn't add similar protection for its iSight cameras, because they are fully covered when an Apple laptop is closed, and therefore can't "see" anything useful.

T2 chips are only in Apple's iMac Pro, 2018 MacBook Pros, and new MacBook Airs for now, but that still covers a good swath of Apple's current laptops. And whether the hardware-level microphone protection is a theoretical preemptive strike or a response to sophisticated, clandestine malware, it never hurts to have one less thing to worry about.

More Great WIRED Stories