A Cybersecurity Professional’s review of the M1 Pro Macbook

8 min readNov 8, 2021

It has been more than a week since Apple released the new M1 Pro and M1 Max Macbooks, and I was more than eager to finally replace my ailing late-2013 13-inch MacBook Pro, which had by now become a truly decorated veteran after 8 years of service. Many had put off upgrading as the previous Macbooks had some questionable design choices (butterfly keyboard… touchbar…), but there was good reason to finally take the plunge now: Apple had (re)assembled the most sought-after features into a package hopefully better focused on the “Pros". They added blazing fast M1 Pro and Max processors, removed the superfluous touchbar, added back lots of ports, added an eye-searingly bright screen, and I’ll-be-damned they brought back Magsafe. For many, this was the moment we had been waiting for.

As a techie, I leapt on the hypetrain like a kid at a McDonald’s ball pit, diving into countless reviews and pouring though MacRumors forums to be better informed before purchasing. However, through all the content, something still felt missing. Most of the reviews I found focused on benchmarks, video and photo editing, and gaming. Granted, there were a few focused on developers (D3V Tec is a pretty good one). But, none really answered the burning question I, and probably many fellow cybersecurity professionals, had: How good are the new MacBook Pros for us?

Unfortunately, before I could find answers to that question, Apple’s beautifully designed webstore had ensnared me. Next thing I knew, an Apple Store employee was congratulating me and there was a new 14inch MacBook Pro in my hands.

“It’s okay,” I thought. “It’s Apple, they would have figured it out for us.”

However, I soon found out that things were not as smooth sailing as initially thought. There were many things about the M1 Pro/Max Macbooks that the reviews never mentioned. Important things that probably should be shared with developers and cybersecurity professionals before you splurge on these laptops. So, after a week of tinkering with the M1 Pro 14inch Macbook, I have compiled a list of key takeaways that would hopefully help you make a better purchasing decision.

Securing the Notch

Let’s start with something simple that everyone has been talking about: The notch.

The Macbook Pro’s notch camera module. Source: David Pogue on Twitter

The notch module, as shown by David Pogue on Twitter, houses not just a camera, but also a TrueTone sensor for consistent colors in different lighting conditions, and an ambient light sensor to adjust the screen’s colors and brightness based on the room’s lighting. I really like the improved camera for video calls, it’s crisp and the ISO levels make you look bright even in a dark room.

However, the first thing I would always add to my laptop is a privacy cover for the webcam. Privacy is incredibly important and every security-conscious person worth their salt will be naturally skeptical of their hardware. Thus, it is common to see these plastic “blinds" being pasted over laptop cameras to physically block the camera. So when the notch arrived, it became quite an issue to find a privacy cover that would not cover the screen or the other sensors in the notch. At least, I have not found the right solution yet. So, if this is a big concern for you, maybe wait till someone comes up with a good solution, or if you’re ok with mucking up the sensor, just paste a tape on it like Mark.

Mark Zuckerberg on the left with laptop in the backgroun, and a zoomed in image of his laptop on the right, with the camera and headphone jack taped up. — If Mark Zuckerberg knows the dangers of an exposed webcam and mic, you should too. Source: Chris Olson on Twitter

Apps (In)compatibility

Pentesters have an arsenal of apps in the toolbox to get the job done. But as I will show below, M1 Macbooks do not make it easy to wield some pretty common tools. Turns out, the biggest issue with the new Macbooks was with something they had already released a year ago: Apple silicon.

Virtualization

VitualBox was my go-to virtualization app on my late-2013 Macbook Pro running Intel. However, moving to Apple silicon, VirtualBox does not work anymore. The app itself launches fine with Rosetta 2, but VMs will not (even ARM64 ones). The lack of support had been confirmed in this support ticket as well.

Error on starting up an Ubuntu VM in Virtualbox.

Thankfully, there is another alternative: VMware Fusion. In Sept 2021, VMware announced a tech preview of Fusion for Apple silicon. I have been testing virtualizing Ubuntu Server 20.04 (ARM64) and it had been working smoothly so far.

Of course, the Fusion tech preview would still have a wide range of issues. For example, installing VMware Tools the default way does not work (by clicking “Reinstall VMware Tools” in the options menu). You’ll have to manually install it in the supported VM. On ARM64 Ubuntu, this is done on the command line with:

apt-get install open-vm-tools && apt-get install open-vm-tools-desktop

For Kali users, there is an ARM64 version, but VMware-tools unfortunately does not seem to be working yet.

Manual installation works on Ubuntu, but isn’t as straightforward for Kali. Source: VMware

For Windows, it used to be pretty bad as Microsoft only had a preview ARM64 version of Windows 10. Fortunately in Sept 2021, they released a much better Windows 11 ARM64 version (guide to install here). An alternative if you really need x64 is to use Parallels, but the full version isn’t free.

So virtualization seems to still be quite limited for the M1 chips, although the situation seems to be improving. Some CTFs, courses, or even your daily work will require using VMs to explore pre-loaded software or to conduct forensics. So it may be quite unfortunate to be unable to run those VMs if they are x64-based.

For booting Linux natively, the Linux kernel still seems to be unstable for daily use with M1 Macs, but progress is being made. There are projects like Asahi Linux trying to solve this, and they recently (Oct 2021) got it running. Linus Torvalds himself announced an update to the Linux kernel that added critical support for ARM chips, including the M1.

Burpsuite

Burpsuite is a key tool for pentesters to analyze network traffic. On the M1 Macbook, it seems to be working, although I had an initial hiccup trying to launch the in-built Chromium browser. However, a restart seemed to fix the issue.

The problems start when running Burpsuite on an ARM64 Linux VM, which is a valid usecase when trying to keep research to a sandboxed environment. Currently, as of 3 Nov 2021, Burpsuite is not compatible with ARM64 Linux OSes. This is an awkward problem since the base MacOS is able to run Burpsuite through Rosetta 2, but Linux VMs on the same machine is not able to. Many apps will also be in such a situation.

Wireshark

Another extremely popular network analysis tool is Wireshark. It seemed to work fine on MacOS with Rosetta 2, and the Ubuntu VM was able to install an ARM64 version just fine with:

sudo apt install wireshark-qt

However, other Linux distros may not have a pre-compiled version thus you may need to compile Wireshark yourself.

The Sleuth Kit + Autopsy

A fan-favourite digital forensics tool is The Sleuth Kit (TSK) with Autopsy. Unfortunately, running Autopsy (github instructions) on ARM64 does not seem to be straightforward. Firstly, the official instructions are only suitable for x64 architectures, so some adjustments will be needed. Secondly, comments online seem to indicate further problems as the version of TSK required by Autopsy is not available in ARM64 format. For those who like playing CTFs, this may be quite a bane.

Overall thoughts on incompatibility

There are plenty of other apps that could be tested, but I think the point has been made: Dealing with app incompatibility will be the main theme of working with the M1 Macbooks. Owners of the earlier M1 laptops and Mac mini would have already experienced the worst of app incompatibility, but I was surprised that many common developer and pentesting apps today are still not fully compatible with M1 ARM64, even with Rosetta 2 chipping in (pun intended).

Compatibility overview of tested apps. ✅ — supported, 🚫 — not supported (Source)

The most trying aspect of dealing with the incompatibilities is that a lot of apps do not clearly document whether they support M1 or not. In writing my review, a lot of the evidence pointing towards incompatibility had to be dug out from forums and comment boxes rather than official documentation. You may also find yourself spending a lot of time trying to find answers, and the uncertainty of trying to figure out if an issue with one’s app is due to some bug, or that the app genuinely does not support M1, can get quite tiring.

I definitely found it frustrating to determine app compatibility. So, to track this in a more sustainable way, and to tap into the power of the community, I’ve created a simple webapp which you can view the list of tested cybersecurity apps, and also submit requests or share compatibility knowledge for apps. Hope you find it useful :)

Conclusion

Some final thoughts about the M1 line of Macbooks:

Battery life: 14 inch battery still lasts a long time for coding and running VMs, won’t be worried about rushing to find a charging point in the middle of the day
Camera: incredible for Zoom video calls
Keyboard: Better than the butterfly keys, still shallower than the late-2013 keyboard but more tactile
Ports: HDMI is super welcome for presentations without dongles, but the headphone jack is actually less useful to me now after moving to Bluetooth

If not for the app incompatibility issues, the new laptops are a very welcome upgrade. If you have an Intel laptop, you may want to keep it around for awhile just in case, while developers continue to work on ARM64 and M1 compatibility.