
1129846

Cancelled
Mar 25, 2021
528
988
I am sure Apple will fix the security issue.
They will fix it but it will come at the price of performance as it is a hardware security issue. There are examples of these types of security issues happening before and the fix hurt performance as it basically requires giving up the hardware performance gains that now more or less have to get disabled.

A good reading from the past was on some Intel chips that had something like this happen, and those CPUs took a hit as you cannot patch hardware.
 

leman

macrumors Core
Oct 14, 2008
19,318
19,336
You're only half-correct
  • No, it does not need several hours. From the research paper: it takes as little as a few minutes

From the paper:

Section 6.1: "The end-to-end attack takes 49 minutes on average to finish"
Section 6.2: "The experiment takes 2.3 hours to complete"
Section 7.1: "The experiment takes 59 minutes to complete. After that, we spend another 5 hours on lattice reduction to extract the entire secret key"
Section 7.2: "The entire experiment takes 10 hours. An additional 5 hours are spent on lattice reduction to extract the full secret key"


  • Well, RSA is the most used cryptographic algorithm and it's pretty known. It's known that proprietary self-implemented cryptography algorithms are usually really bad. It's a bad idea to try to implement custom crypto. It never works well.

That's a good point. At the same time, side-channel vulnerabilities have been known for many years and affect all modern CPUs, and yet I am not aware of a single successful active threat that would use these techniques successfully. So until the security researchers publish a utility that can for example demonstrably extract my private ssh key, I am not worried.
 

leman

macrumors Core
Oct 14, 2008
19,318
19,336
Are there any estimates how much this predictive pointer dereferencing, or whatever it is, gives in speed advantage (i.e. how much slower Macs will become without it)?

Apple Silicon is very fast on code that uses pointer chasing (e.g. compilers). It's not easy to quantify how much of that comes from prefetching, but it's probably a significant factor.

On another note, the whole Apple Silicon move seems to have been unwarranted. Intel and AMD are making large strides in power efficiency and even without the inevitable slowdown from patching this vulnerability, there have been no enticing improvements since the M1.

Sure, maybe in 5-6 years they will be able to catch up with M1, who knows.
 

3530025

Cancelled
Jul 14, 2022
647
2,226
From the paper:

Section 6.1: "The end-to-end attack takes 49 minutes on average to finish"
You're right. Somehow I misread this in the Ars Technica article as 4.9 minutes. My bad. Still, it's not several hours if they claim 49 minutes on average.


That's a good point. At the same time, side-channel vulnerabilities have been known for many years and affect all modern CPUs, and yet I am not aware of a single successful active threat that would use these techniques successfully.
Yes, but at the same time all those x86-based side-channel vulns have been patched directly in the microcode and/or in the compiler itself. So no wonder they can't be misused on a regularly updated computer.

So until the security researchers publish a utility that can for example demonstrably extract my private ssh key, I am not worried.
That's a good point though. I mean, not publishing a ready-to-use utility means script kiddies are out of the game. It does not mean a serious hacker is not able to take advantage of it. And at the same time this does not imply only high-profile ones are targets. This exploit may be included in some malware, making it way more dangerous than it would be without this exploit.
 

RSmith2023

macrumors 6502a
Sep 26, 2015
702
746
Atlanta, GA


An unpatchable vulnerability has been discovered in Apple's M-series chips that allows attackers to extract secret encryption keys from Macs under certain conditions, according to a newly published academic research paper (via ArsTechnica).


Named "GoFetch," the type of cyber attack described involves Data Memory-Dependent Prefetchers (DMPs), which try to predict what data the computer will need next and retrieve it in advance. This is meant to make processing faster, but it can unintentionally reveal information about what the computer is doing.

The paper finds that DMPs, especially the ones in Apple's processors, pose a significant threat to the security provided by constant-time programming models, which are used to write programs so that they take the same amount of time to run, no matter what data they're dealing with.

The constant-time programming model is meant to protect against side-channel attacks, or types of attacks where someone can gain sensitive information from a computer system without directly accessing it (by observing certain patterns, for example). The idea is that if all operations take the same amount of time, there's less for an attacker to observe and exploit.

However, the paper finds that DMPs, particularly in Apple silicon, can leak information even if the program is designed not to reveal any patterns in how it accesses memory. The new research finds that the DMPs can sometimes confuse memory content, which causes it to treat the data as an address to perform memory access, which goes against the constant-time model.

The authors present GoFetch as a new type of attack that can exploit this vulnerability in DMPs to extract encryption keys from secure software. The attack works against some popular encryption algorithms that are thought to be resistant to side-channel attacks, including both traditional (e.g. OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption) and post-quantum (e.g. CRYSTALS-Kyber and CRYSTALS-Dilithium) cryptographic methods.

In an email to ArsTechnica, the authors explained:
In summary, the paper shows that the DMP feature in Apple silicon CPUs could be used to bypass security measures in cryptography software that were thought to protect against such leaks, potentially allowing attackers to access sensitive information, such as a 2048-bit RSA key, in some cases in less than an hour.

According to the authors, the flaw in Apple's chips cannot be patched directly. Instead, the attack vector can only be reduced by building defenses into third-party cryptographic software that could result in an extreme performance degradation when executing the cryptographic operations, particularly on the earlier M1 and M2 chips. The DMP on the M3, Apple's latest chip, has a special bit that developers can invoke to disable it, but the researchers aren't yet sure what kind of penalty will occur when this performance optimization is turned off.

As ArsTechnica notes, this isn't the first time researchers have identified threats in Apple DMPs. Research documented in 2022 discovered one such threat in both the M1 and Apple's A14 Bionic chip for iPhones, which resulted in the "Augury" attack. However, this attack was ultimately unable to extract the sensitive data when constant-time practices were used.
DMP-style attacks are not common, and typically require physical access to a Mac. The researchers informed Apple of the vulnerability in December 2023, and users concerned about the vulnerability are advised to check for GoFetch mitigation updates that become available in future macOS updates for any of the encryption protocols known to be vulnerable. Apple representatives declined to comment on the record when ArsTechnica asked about the paper.

Article Link: Apple Silicon Vulnerability Allows Hackers to Extract Encryption Keys
Does this affect the entire M-Series line? Even the M3's?
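
The constant-time model described in the quoted article, as an added C example that is not part of the thread, the article or the GoFetch paper: a secret-dependent branch beside a masked swap that executes the same instructions and touches the same addresses for either bit. The function names and array values are constructed for illustration; the final function shows that the data left in memory still depends on the secret, which is the part the article says a DMP looks at.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Not constant-time: whether the loop runs at all depends on the secret bit,
   so timing and the set of memory accesses both reveal it. */
void branchy_swap(uint64_t *a, uint64_t *b, size_t n, int secret_bit) {
    if (secret_bit) {
        for (size_t i = 0; i < n; i++) {
            uint64_t t = a[i];
            a[i] = b[i];
            b[i] = t;
        }
    }
}

/* Constant-time: identical instruction sequence and identical addresses
   read and written, whatever the value of the secret bit. */
void ct_swap(uint64_t *a, uint64_t *b, size_t n, int secret_bit) {
    uint64_t mask = (uint64_t)0 - (uint64_t)(secret_bit & 1); /* 0 or all ones */
    for (size_t i = 0; i < n; i++) {
        uint64_t t = mask & (a[i] ^ b[i]);
        a[i] ^= t;
        b[i] ^= t;
    }
}

/* Constructed demo values. The access pattern of ct_swap is fixed, but the
   word that ends up stored in a[0] is still chosen by the secret bit. A
   prefetcher that inspects stored values, as the article describes, sees
   data that constant-time coding alone does not hide. */
uint64_t first_word_after_ct_swap(int secret_bit) {
    uint64_t a[2] = {0x1111111111111111ULL, 0x2222222222222222ULL};
    uint64_t b[2] = {0xAAAAAAAAAAAAAAAAULL, 0xBBBBBBBBBBBBBBBBULL};
    ct_swap(a, b, 2, secret_bit);
    return a[0];
}

int main(void) {
    printf("bit=0 -> a[0]=%016" PRIx64 "\n", first_word_after_ct_swap(0));
    printf("bit=1 -> a[0]=%016" PRIx64 "\n", first_word_after_ct_swap(1));
    return 0;
}
```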
 

Timpetus

macrumors 6502
Jun 13, 2014
295
592
Orange County, CA
I wonder if this is fixable by having anti-malware watch for the pattern of requests from software required to perform this exploit? The article says it took about an hour to capture the key, so something that checks every 1-5 minutes should be able to detect an active exploit and prevent it without a noticeable performance hit, right?
 

CarAnalogy

macrumors 601
Jun 9, 2021
4,312
7,918
Really? Because people keep saying the mini form factor will never change because all those server racks would have to be retrofitted

Publicly accessible being the real key words there. Leaking keys is a bigger deal when that key signs a lot of stuff for a lot of people with stuff you can steal. And public servers are inherently more at risk because people can get to them.

Private servers don't have either of these problems nearly as badly.
 

August West

macrumors 6502
Aug 23, 2009
342
389
Land of Enchantment
Does this expose all passwords stored in the Keychain.app?
I have the same question since I don't understand what exactly is vulnerable since a lot of this is above my head. It would be nice if somebody would write an article about minimizing the risks but since one hasn't appeared I assume there is nothing that can be done short of totally disconnecting from the internet or powering down the computer completely.

I was getting ready to upgrade to a 15" MBA from my 13" but have cancelled that idea. No use throwing money away on a POS that is just going to leak all my private info to hackers just the same as the one I already have. It might not do any good but I'm going to try to disable Keychain.app. I've got a couple of third party password managers and have used Little Snitch to totally block their access to the internet along with most other apps on the computer I don't use on a daily basis.
 

Donoban

macrumors 65816
Sep 7, 2013
1,225
442
I have the same question since I don't understand what exactly is vulnerable since a lot of this is above my head. It would be nice if somebody would write an article about minimizing the risks but since one hasn't appeared I assume there is nothing that can be done short of totally disconnecting from the internet or powering down the computer completely.

I was getting ready to upgrade to a 15" MBA from my 13" but have cancelled that idea. No use throwing money away on a POS that is just going to leak all my private info to hackers just the same as the one I already have. It might not do any good but I'm going to try to disable Keychain.app. I've got a couple of third party password managers and have used Little Snitch to totally block their access to the internet along with most other apps on the computer I don't use on a daily basis.
Not sure if trolling but you have nothing to worry about.

If you spend your life worrying about every edge case where something could go wrong, you’d never leave your home.
 