Best crypto insights delivered straight to your inbox.
Researchers discover critical vulnerability in Apple M-Series chips
Researchers discover critical vulnerability in Apple M-Series chips
- A vulnerability in Apple’s M-series chips allows the extraction of cryptographic keys due to a flaw in the chip’s design.
- The GoFetch attack, developed by researchers, can exploit this vulnerability without needing root access, affecting various types of cryptographic keys.
- Mitigating this issue requires additional security measures in software, potentially impacting the performance of cryptographic operations on M-series chips.
Academic researchers have identified a new vulnerability within Apple’s M-series chips that could allow attackers to extract cryptographic keys from Mac devices.
According to technology blog Ars Technica, this flaw is deeply rooted in the microarchitectural design of the silicon, rendering it impossible to rectify through conventional software patches. Instead, mitigating this risk necessitates modifications to third-party encryption software, which may adversely affect the performance of cryptographic operations, particularly on the earlier M1 and M2 chip models.
Mitigation efforts and the challenges
The vulnerability exploits the data memory-dependent prefetcher (DMP), a hardware optimization in Apple’s silicon that aims to improve computing efficiency by preloading anticipated data into the CPU cache. However, this feature inadvertently creates a side channel that could be leveraged to access and leak cryptographic keys. The exploit, dubbed GoFetch by the researchers, is notable for its ability to mine secrets without requiring elevated system privileges, only necessitating the same level of access as most third-party applications on macOS.
GoFetch has been demonstrated to be effective against a range of encryption standards, including those designed to withstand future quantum computing threats. The attack’s efficacy is showcased through its capability to extract various types of cryptographic keys within feasible timeframes, presenting a tangible threat to data security.
Addressing this vulnerability is complex due to its hardware basis. Among the proposed countermeasures is ciphertext blinding, although this method is specific to certain algorithms and could double the computing resources required for processes like Diffie-Hellman key exchanges. Alternatively, running cryptographic operations on the M-series’ efficiency cores, which lack DMP, has been suggested, though this, too, comes with limitations.
This vulnerability highlights the challenges of securing cryptographic operations against microarchitectural side channels. The research team has called for a collective approach to the hardware-software interface to better protect against such vulnerabilities, suggesting mechanisms for selectively disabling the DMP during critical security operations.
Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
Damilola Lawrence
Damilola Lawrence has covered news on crypto markets and tech for over 5 years. He has previously shared crypto insights and analysis for TheShibMagazine, CryptoMode, Qweens Magazine, and The Recording Academy before pivoting into Web3. At Cryptopolitan, he is a crypto price prediction specialist. After finishing a bachelor’s degree, he has segued into a master’s degree in IT Cybersecurity at Maria Curie-Skłodowska University.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)