Sure. The agencies want you to believe that. You think “your” emails have never been scanned through NSA’s prism filters?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Silicon Vulnerability Allows Hackers to Extract Encryption Keys
- Thread starter MacRumors
- Start date
- Sort by reaction score
Emails are completely insecure. Everyone's emails have probably been scanned by multiple foreign agencies, Google and maybe Facebook.
People are getting so upset here you’d think they have been already hacked.
How often do you use private key encryption on a day-to-day basis? The research paper mentions OpenSSH, is that used much outside the professional world? Maybe if you connect to a SFTP server regularly.
The M3 does have a solution, you would have to update your OpenSSH to a version that disables DMP in hardware. Which will impact OpenSSH performance but nothing else.
I wish I had a M3 instead of a M1, because that’s more secure, but honestly it doesn’t seem that big of a deal.
How often do you use private key encryption on a day-to-day basis? The research paper mentions OpenSSH, is that used much outside the professional world? Maybe if you connect to a SFTP server regularly.
The M3 does have a solution, you would have to update your OpenSSH to a version that disables DMP in hardware. Which will impact OpenSSH performance but nothing else.
I wish I had a M3 instead of a M1, because that’s more secure, but honestly it doesn’t seem that big of a deal.
GoFetch exploit can't be disabled on Apple's M1 and M2 chips
For now, cryptographic work should be run on slower Icestorm cores
Looks like M3 mac's are not affected.
Worrying is what people do when they are helpless.
It’s not “worrying” when you educate yourself, take precautions and prepare for the worst. My kids’ piano tutor of 6 years came to her last piano lesson with us in early 2020 after she said COVID was “nothing to worry about” and giggled about people’s concerns. You would think a global pandemic would alter people in some way for the better but it doesn’t. Things just don’t penetrate some people’s skulls.
yes, but people don't know that. They still think you need a written warrant with a person who manually scans every word in your email, just once for that warrant.
nevertheless, email *can* be secure. What you put in the envelope can be encrypted, coded as per your wishes. People may open and read the envelope but it'll be gibberish to them as long as they cannot decrypt it.
Yes, for example Proton Mail is actual genuine secure end-to-end encrypted e-mail.
Unlike Apple, Google, Microsoft, etc. they don't sell people's personal data.
Back on topic, Apple should really re-hire their Apple Silicon engineers.
No one wants to buy insecure non-fixable computers.
This is stupid. The M3 isn't affected by this issue.
I wouldn’t call a global pandemic an edge case. Do you really feel helpless in regards to this exploit?
Encrypted email is dead. E2E encryption may be there. However, an attacker can simply compromise the endpoint. At some point you have to decrypt the message at the endpoint or else the service itself is useless. Once it’s decrypted there, a rogue endpoint app/
OS malware can leak the contents.
Hello,
I've spent a lot of time trying to understand this exploit, but still I don't have positive answers to these fundamental questions.
Can people with the knowledge of the matter please advise:
1. To enable this exploit, does someone need to have physical access to my computer, or me installing a malicious program as an Admin will be enough?
2. What is the actual real-world impact a malicious attacker having access to my encryption keys, in Layman's terms?
I've spent a lot of time trying to understand this exploit, but still I don't have positive answers to these fundamental questions.
Can people with the knowledge of the matter please advise:
1. To enable this exploit, does someone need to have physical access to my computer, or me installing a malicious program as an Admin will be enough?
2. What is the actual real-world impact a malicious attacker having access to my encryption keys, in Layman's terms?
Last edited:
1. Installing a malicious program is enough. You may need to install Asahi Linux and boot from it though, as discussed in this thread.
2. I cannot tell if you actually have encryption keys or not. If you do, an application that uses them can be leveraged by the attacker to repeatedly use the encryption key until the malicious app has enough information to tell what is the encryption key value. An example of application using an encryption key is "ssh" or "sftp".
Thank you. So no impact to a casual user or a design professional? Neither me nor my wife use ssh or sftp.
My dog did NOT die yesterday. I can prove it by playing fetch today.
Proving things didn't happen isn't really any harder than proving they did. There's this false idea out there that you can't prove a negative, which is absurd.
It seems to me that the issue would fixable by introducing a new API, let’s call it with_secure_context() that would receive a function and execute it in timing-insensitive mode. Apple Silicon already supports ARM data independent timing feature which does this, the issue with gofetch seems to be that baling this mode does not correctly disable the prefetched. However, the prefetched can be disabled on M1/M2 by manipulating CPU control registers. This is why an API is required - the OS will ensure that all security features are correctly turned on.
As a final note, secure computing is hard. It is not realistic to expect that all code you run is completely secure and free from observable effects, and we shouldn’t try to build processors with such properties. It is however important that processors have a lower-performance secure mode to support these kind of operations. This is what newer ARM and Intel processors support, and it’s IMO the correct path forward.
As a final note, secure computing is hard. It is not realistic to expect that all code you run is completely secure and free from observable effects, and we shouldn’t try to build processors with such properties. It is however important that processors have a lower-performance secure mode to support these kind of operations. This is what newer ARM and Intel processors support, and it’s IMO the correct path forward.
How do you know your dog didn't die yesterday but then came back to life? 🤔
