A recent study has raised alarms by identifying a vulnerability in Apple's M-series chips that could allow hackers to obtain Mac users' private encryption keys.
In the absence of a direct solution, other methods proposed by researchers can significantly hinder performance.
Apple M series chips are susceptible to key extraction
The vulnerability in question acts as a side channel, allowing end-to-end key extraction when Apple chips run implementations of commonly used cryptographic protocols. Unlike traditional vulnerabilities, this vulnerability cannot be directly patched because it is derived from the silicon microarchitectural structure.
Instead, the report highlighted fixes that rely on integrating defenses into third-party encryption software. However, this approach can significantly “degrade” the performance of M-series chips during cryptographic tasks, especially in earlier generations such as M1 and M2.
The researchers also added that exploitation of this vulnerability occurs when both the targeted cryptographic operations and a malicious application running with standard user system privileges are processed on the same CPU cluster. Ta.
“Our key insight is that while a DMP only dereferences pointers, an attacker can create program inputs that, when mixed with cryptographic secrets, allow that secret to satisfy the attacker. That is, the resulting intermediate state can be made to look like a pointer only if -selected predicate.”
New research reveals an overlooked phenomenon regarding DMPs within Apple silicon. In some cases, these DMPs incorrectly interpret the contents of memory containing critical key material as pointer values used to load other data. As a result, the DMP frequently accesses this data and interprets it as an address, leading to memory access attempts, the researchers explained.
This process, known as “dereferencing” a “pointer,” involves reading and accidentally leaking data via a side channel, and represents a clear violation of the constant-time paradigm.
go fetch
Researchers identified the hack as a “GoFetch” exploit, which operates with the same user privileges as most third-party applications and exploits a vulnerability in clusters of M-series chips. This affects traditional and quantum-resistant encryption algorithms alike, with extraction times varying from minutes to hours depending on the key size.
Despite previous knowledge of similar threats, researchers say GoFetch exhibits more aggressive behavior within Apple's chips, posing significant security risks.
