What kind of security vulnerability are Apple chips exposed to? According to an ArsTechnica article, University researchers find vulnerability in Apple silicon that involves breaking encryption and accessing cryptographic keys. The affected chips will be the M1, M2 and perhaps even the latest generation M3. The problem is more serious considering that it is part of the chip architecturei.e. Cupertinos Couldn’t fix it with software update. This isn’t the first time Macs have been compromised with similar flaws; Let’s not forget the situation that compromised the T2 security chip.

Data Memory-Based Prefetchers (DMP), a process used in advanced chips

The problem is caused by a DMP like this: content is loaded into the CPU cacheDMP reduces the latency between main memory and the CPU (bottleneck). ArsTechnica said:

The threat lies in the chips’ data memory-dependent prefetcher; This is a hardware optimization that predicts the memory addresses of data that the running code is likely to access in the near future.

MacBook Pro and iMac with M3 chips available in October 2023

To exploit this vulnerability, an application was created to demonstrate this, the application in question was called GoFetch and was created by 7 researchers from 6 universities. Briefly, data stored on the chip can be mixed with a memory address and this is stored in the cache. If the malicious app causes the following issues repeat the mistake, it’s only a matter of time before you can decipher the key.

Researchers say they cannot leak encryption keys directly, but can process intermediate data within the encryption algorithm, to appear as a beacon throughout an entry attack. DMP detects that the data value is “disguised” as an address and goes to the cache.

A possible solution could compromise the chips’ performance

All Macs with M3 chips coming in 2024

The underlying problem cannot be solved, but any other alternative may affect the performance and performance of the chip.. Coming back to the researchers, they state that there is a procedure called “Ciphertext Blinding”. Here masks are added to and subtracted from precise values ​​before and after they are stored in memory. It becomes randomly visible so the attacker can no longer control the encryption algorithm.

“Cipher Operations” can also be run on efficiency cores that do not have DMP. This will complicate the time to complete transactions.

a faint hope Why this case could not happen? the user must be tricked into installing a malicious applicationApplications that are not signed or predefined cannot be installed. The app in question doesn’t make this entirely easy because This type of process takes between 1 and 10 hours to achieve its goal.. For now, Apple won’t announce any solutions until it implements them in the design of the next M series chips.