Teacher
Professional
Apple's M-series processors were recently found to have a vulnerability that allows attackers to extract private keys on macOS computers. The attack was named GoFetch.
This is a classic case of information leakage through a side channel, which in this case allows end-to-end key extraction at the moment the processor begins executing widely used cryptographic protocols.
Moreover, as the experts note in the published report, the vulnerability is not easy to close, since it stems from the microarchitecture of the chip itself.
As a result, "patching" comes down to adding extra layers of protection in third-party cryptographic software, which can dramatically reduce the performance of the vaunted Apple chips (especially the M1 and M2 generations).
The vulnerability can be exploited when a malicious application and the targeted cryptographic operation run on the same CPU cluster. The hypothetical attacker does not need root access; the ordinary privileges that all software on macOS runs with are sufficient.
GoFetch works both against classical encryption algorithms and against the so-called next-generation ones, which are supposedly more resistant to attacks by quantum computers.
The new method can extract a 2048-bit RSA key in under an hour, while a 2048-bit Diffie-Hellman key takes a little longer: just over two hours.
The peculiarity of the attack vector is that it exploits the behavior of the DMP (a mechanism that reduces latency between main memory and the processor) in M-series processors. Sometimes the DMP confuses the contents of memory with a pointer value, which often results in data being read as if it were an address for accessing memory.