
Apple Silicon discovered to have vulnerability that can leak secret encryption keys

By Kenny Yeo - on 25 Mar 2024, 12:15pm


A team of researchers from various universities around the world has discovered a flaw in Apple's M-series chips that would allow attackers to extract encryption keys.

What's troublesome about this discovery is that the flaw is baked into the microarchitectural design of Apple's chips, which means it cannot be patched. Instead, it would require mitigation on the software side, and this would, in all likelihood, have a detrimental impact on performance.

The flaw is highly technical, and I would urge readers who want to know the full details to read the report by Ars Technica.

But to put it very briefly, the attack, which is called GoFetch, has to do with the way Apple Silicon's data memory-dependent prefetcher (DMP) works. The DMP predicts the memory addresses of data that the currently running code is likely to use. In doing so, it can be manipulated into revealing sensitive data such as encryption keys.

The researchers who discovered the flaw wrote:

Our key insight is that while the DMP only dereferences pointers, an attacker can craft program inputs so that when those inputs mix with cryptographic secrets, the resulting intermediate state can be engineered to look like a pointer if and only if the secret satisfies an attacker-chosen predicate. For example, imagine that a program has secret s, takes x as input, and computes and then stores y = s ⊕ x to its program memory. The attacker can craft different x and infer partial (or even complete) information about s by observing whether the DMP is able to dereference y. We first use this observation to break the guarantees of a standard constant-time swap primitive recommended for use in cryptographic implementations. We then show how to break complete cryptographic implementations designed to be secure against chosen-input attacks.
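The constant-time swap case from the quote above, as an added toy model in C (not code from the researchers or from this article). The mapped address range and the `dmp_model_activations` stand-in for the prefetcher are assumptions made for illustration; the swap runs the same instructions and touches the same addresses for either secret bit, yet the values it leaves in memory differ.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed values: the address range this toy prefetcher treats as
   valid pointer targets. Not real Apple Silicon parameters. */
#define MAPPED_BASE 0x0000000100000000ULL
#define MAPPED_SIZE 0x0000000000100000ULL
#define N 4

/* Standard constant-time conditional swap: no branch on the secret and
   the same memory addresses are accessed whether secret_bit is 0 or 1. */
static void ct_swap(uint64_t secret_bit, uint64_t *a, uint64_t *b, size_t n) {
    uint64_t mask = (uint64_t)0 - (secret_bit & 1);   /* 0 or all ones */
    for (size_t i = 0; i < n; i++) {
        uint64_t t = mask & (a[i] ^ b[i]);
        a[i] ^= t;
        b[i] ^= t;
    }
}

/* Hypothetical stand-in for the DMP: counts the words in a buffer whose
   VALUE lies in the mapped range, i.e. words it would try to dereference. */
static size_t dmp_model_activations(const uint64_t *buf, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] - MAPPED_BASE < MAPPED_SIZE)   /* unsigned range check */
            hits++;
    return hits;
}

/* Perform the swap for one secret bit and report what the modelled
   prefetcher would see in buffer a afterwards. */
size_t observe(uint64_t secret_bit) {
    uint64_t a[N] = {1, 2, 3, 4};   /* ordinary data, not pointer-like */
    uint64_t b[N];                  /* input-controlled, pointer-like values */
    for (size_t i = 0; i < N; i++)
        b[i] = MAPPED_BASE + 64 * i;
    ct_swap(secret_bit, a, b, N);
    return dmp_model_activations(a, N);
}

int main(void) {
    printf("secret=0: %zu pointer-like words in a\n", observe(0));
    printf("secret=1: %zu pointer-like words in a\n", observe(1));
    return 0;
}
```
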

This isn't the first time that Apple Silicon was revealed to have a DMP flaw. Back in 2022, there was the so-called Augury flaw, which found that the DMP could leak sensitive data.

While this is no doubt worrying to hear, the real-world risks are said to be low. According to the researchers, the attack requires access to the system and it takes time. It took them a little under an hour to extract a 2048-bit RSA key, while it took over two hours to extract a 2048-bit Diffie-Hellman key, and over 10 hours to extract a Dilithium-2 key.

To protect yourselves, make sure you leave macOS Gatekeeper on and do not install apps from unknown sources.

Source: Ars Technica
