Security News > 2024 > March > Hardware Vulnerability in Apple’s M-Series Chips
The threat resides in the chips' data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future.
The breakthrough of the new research is that it exposes a previously overlooked behavior of DMPs in Apple silicon: Sometimes they confuse memory content, such as key material, with the pointer value that is used to load other data.
As long as the GoFetch app and the targeted cryptography app are running on the same performance cluster-even when on separate cores within that cluster-GoFetch can mine enough secrets to leak a secret key.
The GoFetch app requires less than an hour to extract a 2048-bit RSA key and a little over two hours to extract a 2048-bit Diffie-Hellman key.
The GoFetch app connects to the targeted app and feeds it inputs that it signs or decrypts.
As its doing this, it extracts the app secret key that it uses to perform these cryptographic operations.
News URL
https://www.schneier.com/blog/archives/2024/03/hardware-vulnerability-in-apples-m-series-chips.html
Related news
- New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys (source)
- New GoFetch Vulnerability in Apple’s M Chips Allows Secret Keys Leak on Compromised Computers (source)
- Hardware-level Apple Silicon vulnerability can leak cryptographic keys (source)
- GoFetch security exploit can't be disabled on M1 and M2 Apple chips (source)