“Unfixable” Apple Chip Issue: Secret Keys Vulnerable
Researchers have uncovered a grave vulnerability within the microarchitecture of Apple’s M-series chips, enabling malefactors to extract secret keys from Mac devices, encompassing both computers and laptops. The crux of the issue lies in that this vulnerability is intrinsically linked to the design of the chips and cannot be fully remedied by a mere software update.
The vulnerability is associated with the Data Memory Prefetching function, which optimizes information processing by anticipating future memory requests. This feature can misinterpret cryptographic keys, paving the way for their extraction through specialized attacks.
An international team of researchers has devised an attack, dubbed GoFetch, illustrating the feasibility of extracting keys without requiring administrative privileges on the device. This assault can be executed on the proprietary M1 and M2 chips, affecting both conventional encryption algorithms and those resistant to quantum computing.
The process of key extraction varies from under an hour to ten hours, depending on the type of cryptographic key and the algorithm employed. This indicates the vulnerability’s capability to circumvent standard cryptographic defense mechanisms.
To guard against this vulnerability, cryptographic software developers must implement additional security mechanisms into their software, potentially leading to decreased performance during cryptographic operations. Among the proposed protective measures are data masking and shifting processing to processor cores devoid of DMP.
The researchers also suggest a long-term solution involving the expansion of hardware and software interaction to allow for the deactivation of DMP during critical operations. This could help thwart attacks without significantly impacting overall performance.
Apple has yet to comment on the findings, while users are advised to stay abreast of software updates and implement recommended security measures to minimize risks.