Teacher
Professional
- Messages
- 2,670
- Reaction score
- 814
- Points
- 113
Software patches won't save you, and the security of millions of users is a big question.
Researchers have discovered a serious vulnerability in the microarchitecture of Apple's M-series chips that allows attackers to extract secret keys from Mac devices, including computers and laptops. The main problem is that this vulnerability is directly related to the design of the chips and cannot be completely fixed by a simple software update.
The vulnerability is related to the data preloading (DMP) function, which optimizes information processing by predicting future memory requests. This function can misinterpret cryptographic keys, which opens the way for their extraction through specialized attacks.
A team of international researchers developed an attack called GoFetch, which demonstrates the ability to extract keys without the need for administrative rights on the device. The attack can be carried out on proprietary M1 and M2 chips, affecting both traditional encryption algorithms and algorithms that are resistant to quantum computing.
The key extraction process varies from less than an hour to ten hours, depending on the type of cryptographic key and the algorithm used. This indicates the vulnerability's ability to bypass standard security mechanisms in cryptography.
To protect against the vulnerability, cryptographic software developers must implement additional security mechanisms in their software, which can lead to lower performance when performing cryptographic operations. Among the proposed protection methods are the use of data masking and transfer of processing to processor cores without DMP.
The researchers also propose a long-term solution, which is to expand the interaction between hardware and software to enable disabling DMP when performing mission-critical operations. This can help prevent attacks without significantly impacting overall performance.
Apple has not yet commented on the results of the study, while users are advised to keep an eye on software updates and apply recommended security measures to minimize risks.
Researchers have discovered a serious vulnerability in the microarchitecture of Apple's M-series chips that allows attackers to extract secret keys from Mac devices, including computers and laptops. The main problem is that this vulnerability is directly related to the design of the chips and cannot be completely fixed by a simple software update.
The vulnerability is related to the data preloading (DMP) function, which optimizes information processing by predicting future memory requests. This function can misinterpret cryptographic keys, which opens the way for their extraction through specialized attacks.
A team of international researchers developed an attack called GoFetch, which demonstrates the ability to extract keys without the need for administrative rights on the device. The attack can be carried out on proprietary M1 and M2 chips, affecting both traditional encryption algorithms and algorithms that are resistant to quantum computing.
The key extraction process varies from less than an hour to ten hours, depending on the type of cryptographic key and the algorithm used. This indicates the vulnerability's ability to bypass standard security mechanisms in cryptography.
To protect against the vulnerability, cryptographic software developers must implement additional security mechanisms in their software, which can lead to lower performance when performing cryptographic operations. Among the proposed protection methods are the use of data masking and transfer of processing to processor cores without DMP.
The researchers also propose a long-term solution, which is to expand the interaction between hardware and software to enable disabling DMP when performing mission-critical operations. This can help prevent attacks without significantly impacting overall performance.
Apple has not yet commented on the results of the study, while users are advised to keep an eye on software updates and apply recommended security measures to minimize risks.
