🔥Early Access: Land A High Paying Web3 Job In 90 Days LEARN MORE

Researchers discover critical vulnerability in Apple M-Series chips

499715
Researchers discover critical vulnerability in Apple M-Series chipsResearchers discover critical vulnerability in Apple M-Series chips

In this post:

  • A vulnerability in Apple’s M-series chips allows the extraction of cryptographic keys due to a flaw in the chip’s design.
  • The GoFetch attack, developed by researchers, can exploit this vulnerability without needing root access, affecting various types of cryptographic keys.
  • Mitigating this issue requires additional security measures in software, potentially impacting the performance of cryptographic operations on M-series chips.

Academic researchers have identified a new vulnerability within Apple’s M-series chips that could allow attackers to extract cryptographic keys from Mac devices. 

According to technology blog Ars Technica, this flaw is deeply rooted in the microarchitectural design of the silicon, rendering it impossible to rectify through conventional software patches. Instead, mitigating this risk necessitates modifications to third-party encryption software, which may adversely affect the performance of cryptographic operations, particularly on the earlier M1 and M2 chip models.

Mitigation efforts and the challenges

The vulnerability exploits the data memory-dependent prefetcher (DMP), a hardware optimization in Apple’s silicon that aims to improve computing efficiency by preloading anticipated data into the CPU cache. However, this feature inadvertently creates a side channel that could be leveraged to access and leak cryptographic keys. The exploit, dubbed GoFetch by the researchers, is notable for its ability to mine secrets without requiring elevated system privileges, only necessitating the same level of access as most third-party applications on macOS.

GoFetch has been demonstrated to be effective against a range of encryption standards, including those designed to withstand future quantum computing threats. The attack’s efficacy is showcased through its capability to extract various types of cryptographic keys within feasible timeframes, presenting a tangible threat to data security.

See also  Arkham Intelligence set to launch a derivatives exchange

Addressing this vulnerability is complex due to its hardware basis. Among the proposed countermeasures is ciphertext blinding, although this method is specific to certain algorithms and could double the computing resources required for processes like Diffie-Hellman key exchanges. Alternatively, running cryptographic operations on the M-series’ efficiency cores, which lack DMP, has been suggested, though this, too, comes with limitations.

This vulnerability highlights the challenges of securing cryptographic operations against microarchitectural side channels. The research team has called for a collective approach to the hardware-software interface to better protect against such vulnerabilities, suggesting mechanisms for selectively disabling the DMP during critical security operations.

Share link:

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Cryptopolitan
Subscribe to CryptoPolitan