Saturday, November 23

A recent study has raised alarms after identifying a vulnerability in Apple’s M-series chips that could let hackers retrieve the cryptographic private keys of Mac users.

With no direct fix available, the mitigation suggested by researchers may drastically hamper performance.

Apple M-Series Chips Susceptible to Key Extraction

The vulnerability is a side channel that permits the extraction of end-to-end keys when Apple chips execute implementations of commonly used cryptographic protocols. Because it originates in the microarchitectural design of the silicon, it cannot be patched directly, unlike traditional vulnerabilities.

Instead, the report highlighted a fix that relies on integrating defenses into third-party cryptographic software. However, this approach may significantly “degrade” the performance of M-series chips during cryptographic tasks, especially on earlier generations like M1 and M2.

The researchers also added that the exploitation of the vulnerability occurs when both the targeted cryptographic operation and a malicious application, operating with standard user system privileges, are processed on the same CPU cluster.

“Our key insight is that while the DMP only dereferences pointers, an attacker can craft program inputs so that when those inputs mix with cryptographic secrets, the resulting intermediate state can be engineered to look like a pointer if and only if the secret satisfies an attacker-chosen predicate.”

The latest research sheds light on what is being touted as an overlooked phenomenon regarding data memory-dependent prefetchers (DMPs) within Apple silicon. In certain cases, these DMPs misinterpret memory content, including critical key material, as the pointer value used for loading other data. As a result, the DMP frequently accesses and interprets this data as an address, leading to memory access attempts, the team of researchers explained.

This process, known as “dereferencing” of “pointers,” entails reading data and inadvertently leaking it through a side channel, representing a clear breach of the constant-time paradigm.
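A toy software model of the behaviour described above, added here as an illustration and not taken from the researchers' work: the victim step has no secret-dependent branch or address, yet the modelled prefetcher's activity still depends on the secret bit. The address range and the names `victim_step`, `dmp_prefetched_line` and `observe` are hypothetical, and nothing is measured on real hardware.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy address space (assumption): a 64-bit word counts as
   "pointer-like" if it falls inside [HEAP_BASE, HEAP_BASE + HEAP_SIZE). */
#define HEAP_BASE 0x100000000ULL
#define HEAP_SIZE 0x10000ULL
#define LINE_SIZE 64ULL
#define NWORDS    4

/* Constant-time select: no branch and no address depends on `bit`. */
static uint64_t ct_select(uint64_t bit, uint64_t a, uint64_t b) {
    uint64_t mask = 0ULL - (bit & 1ULL);   /* all ones when bit == 1 */
    return (a & mask) | (b & ~mask);
}

/* Hypothetical victim step: mixes one secret bit with a caller-supplied
   input and stores the intermediate. Returns the index it wrote to, which
   is the only location the code itself touches. */
static size_t victim_step(uint64_t secret_bit, uint64_t input, uint64_t buf[NWORDS]) {
    for (size_t i = 0; i < NWORDS; i++) buf[i] = 0;
    buf[1] = ct_select(secret_bit, input, 0);
    return 1;
}

/* Toy DMP model: scan memory contents and report the cache line that would
   be fetched for the first pointer-like word, or -1 if there is none. */
static long dmp_prefetched_line(const uint64_t *mem, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (mem[i] >= HEAP_BASE && mem[i] < HEAP_BASE + HEAP_SIZE)
            return (long)((mem[i] - HEAP_BASE) / LINE_SIZE);
    return -1;
}

/* Runs the victim and returns the line the modelled DMP would pull in. */
static long observe(uint64_t secret_bit, uint64_t input) {
    uint64_t buf[NWORDS];
    victim_step(secret_bit, input, buf);
    return dmp_prefetched_line(buf, NWORDS);
}

int main(void) {
    uint64_t input = HEAP_BASE + 0x1240;   /* constructed pointer-like input */
    printf("secret=0 -> line %ld\n", observe(0, input));
    printf("secret=1 -> line %ld\n", observe(1, input));
    return 0;
}
```

A constant-time review of `victim_step` alone would pass, because the store index is identical for both secret values; the difference appears only in what the modelled prefetcher does with the stored data.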

GoFetch

The researchers named the attack “GoFetch” and explained that it runs with the same user privileges as most third-party applications, exploiting vulnerabilities in clusters of M-series chips. It affects classical and quantum-resistant encryption algorithms alike, with extraction times varying from minutes to hours depending on the key size.

Despite previous knowledge of similar threats, the researchers said that GoFetch demonstrates a more aggressive behavior in Apple’s chips, posing a significant security risk.
