Apple’s M1 and M2 chips, found in the MacBook Pro, MacBook Air, iMac, and Mac mini, have a vulnerability that could allow attackers to obtain users’ encryption keys while cryptographic operations are running.

The vulnerability was discovered by a team of university researchers who named it “GoFetch.” As they explain, hackers can take advantage of the memory prefetcher (DMP) of M-series chips, a hardware optimization that predicts the memory addresses that running code will use.

DMP sometimes confuses the actual contents of memory with the pointer used to predict the memory address, opening the door for hackers to take advantage of this confusion to guess pieces of the cryptographic key until it is completely recovered. These are, in particular, encryption keys used for some of the most commonly used encryption methods in the world.

Prefetching typically looks at the addresses of the data being accessed (ignoring the values of the data being accessed) and tries to guess future addresses that might be useful. In this sense, DMP is different because in addition to addresses, it also uses data values for prediction (predicting addresses to go to and prefetching).

In particular, if a data value “looks like” a pointer, it will be treated as an “address” (even though it actually isn’t!), and the data at that “address” will be moved to the cache. The entry of this address into the cache is visible and leaks through cache side channels.

Researchers explain this via Ars Technica.
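A toy model of the behaviour described above, added here as an illustration and not taken from the researchers or from Apple: it compares the cache lines left behind by an address-only prefetcher with those left behind by a prefetcher that also inspects loaded values. The 64-byte line size, the address range used as the “looks like a pointer” test, and all sample values are assumptions made for the example.

```python
LINE = 64                        # assumed cache-line size in bytes
HEAP = range(0x10000, 0x20000)   # assumed mapped range used as the pointer test

def line_of(addr):
    """Base address of the cache line that holds addr."""
    return addr - addr % LINE

def looks_like_pointer(value):
    """Toy stand-in for the DMP heuristic: the value lands in mapped memory."""
    return value in HEAP

def cache_footprint(memory, accesses, dmp_enabled):
    """Return the set of cache lines resident after the program's loads.

    memory   : dict of address -> word (constructed sample data)
    accesses : addresses the program itself loads, in order
    """
    cached = set()
    for addr in accesses:
        cached.add(line_of(addr))           # demand load
        cached.add(line_of(addr) + LINE)    # classical prefetch: uses the address only
        value = memory.get(addr, 0)
        if dmp_enabled and looks_like_pointer(value):
            cached.add(line_of(value))      # DMP: the data value is treated as an address
    return cached

def footprint_depends_on_data(dmp_enabled):
    """Same code and same addresses, different data: does the cache state differ?"""
    loads = [0x10000, 0x10008, 0x10010]     # three words of one buffer
    plain = {0x10000: 7, 0x10008: 42, 0x10010: 9}
    pointer_like = {0x10000: 7, 0x10008: 0x1A2C0, 0x10010: 9}  # middle word resembles a pointer
    return (cache_footprint(plain, loads, dmp_enabled)
            != cache_footprint(pointer_like, loads, dmp_enabled))

if __name__ == "__main__":
    print("address-only prefetcher, footprint depends on data:",
          footprint_depends_on_data(False))
    print("DMP enabled, footprint depends on data:",
          footprint_depends_on_data(True))
```

With the address-only prefetcher both data sets leave the same lines in the cache; with the DMP enabled the pointer-like word pulls in an extra line, which is the data-dependent cache state the quoted explanation says is visible through cache side channels.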

Apple Can Fix It, But There’s a Catch

Attackers don’t need root access to the Mac; they can do so through the permissions that the user grants to any other application on the Mac. The vulnerability also arises from the microarchitectural design of the M1 and M2 silicon itself, making it impossible to fully repair.

Apple can create patches to solve this problem in software, but they will affect the performance of the machine. As of now, the company does not seem to have shared a solution in this regard. Apparently, the M3 chips that the company recently announced are not affected.

In any case, in most cases an attacker needs physical access to the computer to steal credentials using DMP vulnerabilities. Therefore, it is best to protect your account with a strong password.

Source: Hiper Textual

Laptops and tablets, 15:45 | March 22, 2024
I'm Ben Stock, a highly experienced and passionate journalist with a career in the news industry spanning more than 10 years. I specialize in writing content for websites, including researching and interviewing sources to produce engaging articles. My current role is as an author at Gadget Onus, where I mainly cover the mobile section.
