They will fix it, but it will come at the price of performance, as it is a hardware security issue. There are examples of these types of security issues happening before, and the fix hurt performance as it basically requires giving up the hardware performance gains that now more or less have to be disabled.
> I am sure Apple will fix the security issue.
You're only half-correct
- No, it does not need several hours. From the research paper: it takes as little as a few minutes.
- Well, RSA is the most used cryptographic algorithm and it's pretty well known. It's known that proprietary self-implemented cryptography algorithms are usually really bad. It's a bad idea to try to implement custom crypto. It never works well.
Are there any estimates of how much this predictive pointer dereferencing, or whatever it is, gives in speed advantage (i.e., how much slower Macs will become without it)?
On another note, the whole Apple Silicon move seems to have been unwarranted. Intel and AMD are making large strides in power efficiency and even without the inevitable slowdown from patching this vulnerability, there have been no enticing improvements since the M1.
You're right. Somehow I misread this in the arstechnica article as 4.9 minutes. My bad. Still, it's not several hours if they claim 49 minutes on average.
> From the paper:
> Section 6.1: "The end-to-end attack takes 49 minutes on average to finish"
Yes, but at the same time all those x86-based side-channel vulns have been patched directly in the microcode and/or in the compiler itself. So no wonder they can't be misused on a regularly updated computer.
> That's a good point. At the same time, side-channel vulnerabilities have been known for many years and affect all modern CPUs, and yet I am not aware of a single successful active threat that would use these techniques successfully.
That's a good point though. I mean, not publishing a ready-to-use utility means script kiddies are out of the game. It does not mean a serious hacker is not able to take advantage of it. And at the same time this does not imply only high-profile ones are targets. This exploit may be included in some malware, making it way more dangerous than it would be without this exploit.
> So until the security researchers publish a utility that can, for example, demonstrably extract my private ssh key, I am not worried.
They have the Spectre issue. Same same. You can disable functionality to remedy it, but it slows down your processor.
> Thankfully I’m still on an Intel iMac! /s
Can it even be slower??
> They have the Spectre issue. Same same. You can disable functionality to remedy it, but it slows down your processor.
Does this affect the entire M-Series line? Even the M3's?
An unpatchable vulnerability has been discovered in Apple's M-series chips that allows attackers to extract secret encryption keys from Macs under certain conditions, according to a newly published academic research paper (via ArsTechnica).
Named "GoFetch," the type of cyber attack described involves Data Memory-Dependent Prefetchers (DMPs), which try to predict what data the computer will need next and retrieve it in advance. This is meant to make processing faster, but it can unintentionally reveal information about what the computer is doing.
The paper finds that DMPs, especially the ones in Apple's processors, pose a significant threat to the security provided by constant-time programming models, which are used to write programs so that they take the same amount of time to run, no matter what data they're dealing with.
The constant-time programming model is meant to protect against side-channel attacks, or types of attacks where someone can gain sensitive information from a computer system without directly accessing it (by observing certain patterns, for example). The idea is that if all operations take the same amount of time, there's less for an attacker to observe and exploit.
However, the paper finds that DMPs, particularly in Apple silicon, can leak information even if the program is designed not to reveal any patterns in how it accesses memory. The new research finds that the DMP can sometimes mistake memory content for a pointer, causing it to treat that data as an address and perform a memory access, which goes against the constant-time model.
The authors present GoFetch as a new type of attack that can exploit this vulnerability in DMPs to extract encryption keys from secure software. The attack works against some popular encryption algorithms that are thought to be resistant to side-channel attacks, including both traditional (e.g. OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption) and post-quantum (e.g. CRYSTALS-Kyber and CRYSTALS-Dilithium) cryptographic methods.
In an email to ArsTechnica, the authors explained:
In summary, the paper shows that the DMP feature in Apple silicon CPUs could be used to bypass security measures in cryptography software that were thought to protect against such leaks, potentially allowing attackers to access sensitive information, such as a 2048-bit RSA key, in some cases in less than an hour.
According to the authors, the flaw in Apple's chips cannot be patched directly. Instead, the attack vector can only be reduced by building defenses into third-party cryptographic software, which could result in extreme performance degradation when executing the cryptographic operations, particularly on the earlier M1 and M2 chips. The DMP on the M3, Apple's latest chip, has a special bit that developers can invoke to disable it, but the researchers aren't yet sure what kind of penalty will occur when this performance optimization is turned off.
As ArsTechnica notes, this isn't the first time researchers have identified threats in Apple DMPs. Research documented in 2022 discovered one such threat in both the M1 and Apple's A14 Bionic chip for iPhones, which resulted in the "Augury" attack. However, this attack was ultimately unable to extract the sensitive data when constant-time practices were used.
DMP-style attacks are not common, and typically require physical access to a Mac. The researchers informed Apple of the vulnerability in December 2023, and users concerned about the vulnerability are advised to check for GoFetch mitigation updates that become available in future macOS updates for any of the encryption protocols known to be vulnerable. Apple representatives declined to comment on the record when ArsTechnica asked about the paper.
Article Link: Apple Silicon Vulnerability Allows Hackers to Extract Encryption Keys
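The constant-time discipline the article refers to, shown as an added illustration in C (not code from the paper, from Apple, or from any of the libraries named above): a secret-indexed table lookup written the leaky way and the constant-time way, plus a constant-time buffer compare. The `trace` argument and the sample table are assumptions constructed here so the access pattern can be checked; the caveat in the comments is the one the article raises, that the selected value is still secret-dependent even though the addresses touched are not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All-ones when a == b, zero otherwise, computed without a branch. */
static inline uint64_t ct_mask_eq(uint64_t a, uint64_t b) {
    uint64_t x = a ^ b;                 /* zero iff a == b */
    uint64_t nz = (x | (0 - x)) >> 63;  /* 1 iff x != 0 */
    return nz - 1;                      /* 0 -> 0xFF..FF, 1 -> 0 */
}

/* Weak form: touches only table[idx], so the cache footprint
 * (and any prefetcher watching it) reveals the secret index. */
uint64_t lookup_leaky(const uint64_t *table, size_t n, size_t idx) {
    return idx < n ? table[idx] : 0;
}

/* Constant-time form: every entry is read and the wanted one is
 * selected with a mask, so the access sequence does not depend on idx.
 * 'trace' is an illustration-only hook (assumed here) that records the
 * index of each read so a test can check the pattern is always 0..n-1. */
uint64_t lookup_ct(const uint64_t *table, size_t n, size_t idx, size_t *trace) {
    uint64_t out = 0;
    for (size_t i = 0; i < n; i++) {
        if (trace) trace[i] = i;        /* branch on a public value only */
        out |= table[i] & ct_mask_eq((uint64_t)i, (uint64_t)idx);
    }
    /* Caveat the article raises: 'out' is still secret-dependent. A
     * prefetcher that treats data as a pointer can leak it even though
     * the addresses touched above never depended on idx. */
    return out;
}

/* Constant-time buffer equality (e.g. comparing MAC tags): no early
 * exit, so timing does not reveal where the first mismatch is. */
int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= (uint8_t)(a[i] ^ b[i]);
    return (int)(((uint32_t)acc - 1) >> 31);   /* 1 iff acc == 0 */
}

int main(void) {
    /* Constructed sample table; index 2 plays the role of the secret. */
    const uint64_t table[4] = {0x1111, 0x2222, 0x3333, 0x4444};
    size_t trace[4];
    printf("ct lookup -> %llx\n", (unsigned long long)lookup_ct(table, 4, 2, trace));
    return 0;
}
```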
This would be a much bigger danger on servers but fortunately Apple got out of the server business.
We should all downgrade to at least i3's. All that added CPU power on your Mac is just a resource for hackers to exploit. I may have to get my Mac SE out.
> Thankfully I’m still on an Intel iMac! /s
Really? Because people keep saying the mini form factor will never change because all those server racks would have to be retrofitted.
No offence, but how about you read first?
> Does this affect the entire M-Series line? Even the M3's?
I have the same question since I don't understand what exactly is vulnerable, since a lot of this is above my head. It would be nice if somebody would write an article about minimizing the risks, but since one hasn't appeared I assume there is nothing that can be done short of totally disconnecting from the internet or powering down the computer completely.
> Does this expose all passwords stored in the Keychain.app?
Not sure if trolling, but you have nothing to worry about.
> I have the same question since I don't understand what exactly is vulnerable, since a lot of this is above my head. It would be nice if somebody would write an article about minimizing the risks, but since one hasn't appeared I assume there is nothing that can be done short of totally disconnecting from the internet or powering down the computer completely.
I was getting ready to upgrade to a 15" MBA from my 13" but have cancelled that idea. No use throwing money away on a POS that is just going to leak all my private info to hackers just the same as the one I already have. It might not do any good, but I'm going to try to disable Keychain.app. I've got a couple of third-party password managers and have used Little Snitch to totally block their access to the internet, along with most other apps on the computer I don't use on a daily basis.