Your Mac Has a Serious Security Vulnerability Built Into Its Hardware

As Ars Technica reports, your Apple silicon Mac has a huge security problem. Researchers have discovered a vulnerability in M-series chips that allows attackers to obtain security keys while the chip performs routine, frequently used cryptographic operations. The worst part? The bug is hardware-related, meaning Apple can’t fix it with a simple software update.

What is the flaw?

The flaw has to do with the way Apple designs its chips to handle memory. Ars Technica explains that the M-series chips, as well as Intel’s 13th-generation Raptor Lake chips, predict the memory addresses of data that running code is likely to need in the near future and load that data into the CPU cache in advance, a feature known as a data memory-dependent prefetcher (DMP). This reduces the latency between your computer’s processor and its main memory, which improves overall performance.

Prefetching creates a vulnerability because its predictions are based on previous access patterns, which opens a “side channel” that attackers can exploit. That’s why engineers developed what’s called “constant-time programming”, which makes sure an operation takes the same amount of time to complete no matter what data it handles. However, they missed a huge gap here: your machine might mistake the contents of memory for a “pointer value”, that is, something that tells the machine where in memory other data is located. When this happens, your machine inadvertently leaks that content through the side channel, giving attackers their advantage back.

The researchers say this process does not directly leak security keys, but an attacker could trick a machine into leaking them over time. They developed an attack that exploits the vulnerability, called GoFetch, which only requires the same permissions as any other third-party application on your Mac. Once running, GoFetch operates in the same area of your M1 chip as the encryption app, targeting and revealing the security key over time. Depending on the key type, GoFetch may take anywhere from 54 minutes to 10 hours to recover the key.

Fixing the flaw will reduce performance.

Since the flaw is based on the design of Apple’s M-series chips, a simple macOS patch won’t fix it. Instead, the engineers who develop the cryptographic software itself for Apple’s processors will have to fix it. Unfortunately, this will almost certainly reduce the performance of Apple’s chips. According to the researchers, one of the proposed solutions could potentially double the resources currently used by cryptographic software.

However, this performance degradation will only occur when running cryptographic software. That is a positive, because any time your computer isn’t running this software, as is the case with many applications and browsers, you may not notice any decrease in performance at all.
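
The gap in constant-time programming described above, and the kind of software-side fix that costs extra work, shown as an added C example that is not code from the researchers or from Ars Technica. The address range, the sample buffers and the fixed XOR mask are constructed for illustration, and masking stored values is an assumed stand-in for a software countermeasure, since the article does not name the proposed fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N 4
/* Constructed address range standing in for "mapped memory"; not a real layout. */
#define REGION_LO 0x0000000100000000ULL
#define REGION_HI 0x0000000200000000ULL

/* Branch-free conditional swap: the same instructions run and the same
 * addresses are touched whether the secret bit is 0 or 1 (constant time). */
static void ct_cswap(uint64_t secret_bit, uint64_t *x, uint64_t *y, size_t n) {
    uint64_t mask = (uint64_t)0 - (secret_bit & 1);
    for (size_t i = 0; i < n; i++) {
        uint64_t t = mask & (x[i] ^ y[i]);
        x[i] ^= t;
        y[i] ^= t;
    }
}

/* Audit helper: how many 64-bit words in buf would look like a pointer into
 * [REGION_LO, REGION_HI) to hardware that inspects memory contents? */
static size_t pointer_like_words(const uint64_t *buf, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (buf[i] >= REGION_LO && buf[i] < REGION_HI);
    return hits;
}

/* Run the swap on constructed data and report what ends up stored in x.
 * store_mask != 0 models keeping values XOR-masked while they sit in memory;
 * a real implementation would draw a fresh random mask (assumption). */
static size_t stored_pointer_like(uint64_t secret_bit, uint64_t store_mask) {
    uint64_t x[N] = {1, 2, 3, 4};                     /* plain small integers */
    uint64_t y[N] = {5, 0x0000000100004000ULL, 7, 8}; /* one address-shaped word */
    for (size_t i = 0; i < N; i++) { x[i] ^= store_mask; y[i] ^= store_mask; }
    ct_cswap(secret_bit, x, y, N);
    return pointer_like_words(x, N);
}

int main(void) {
    printf("unmasked: bit=0 -> %zu, bit=1 -> %zu\n",
           stored_pointer_like(0, 0), stored_pointer_like(1, 0));
    printf("masked:   bit=0 -> %zu, bit=1 -> %zu\n",
           stored_pointer_like(0, 0xA5A5A5A5A5A5A5A5ULL),
           stored_pointer_like(1, 0xA5A5A5A5A5A5A5A5ULL));
    return 0;
}
```

Without the mask, whether an address-shaped word sits in `x` depends on the secret bit even though the swap itself is constant-time; with the mask, the stored contents look the same for both bit values.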
