...
...
Haider Jamal

Mar 23, 2024

Hackers Can Access Cryptographic Private Keys Of Mac Users

Apple recently encountered a critical vulnerability enabling the extraction of sensitive data. Numerous concerns were raised following the discovery of a potentially catastrophic flaw in the Apple M-series chips, which could apparently allow hackers to obtain the cryptographic private keys of Mac users. Without a direct solution, researchers propose an alternative approach, which could severely impact performance.

 

Vulnerability In M-Series Chips Enables Key Retrieval

The identified vulnerability operates as a side channel, facilitating the retrieval of end-to-end keys during the execution of common cryptographic protocols on Apple chips. Due to its microarchitectural nature, direct patching is not feasible, unlike conventional vulnerabilities.

Instead, the report suggests integrating defenses into third-party cryptographic software as a solution. However, this method might significantly impact the performance of M-series chips during cryptographic tasks, particularly noticeable in earlier generations like M1 and M2.

The researchers further explain that the vulnerability is exploited when both the targeted cryptographic operation and a malicious application, operating with standard user system privileges, are processed on the same CPU cluster.

The key insight is that while the DMP only dereferences pointers, an attacker can craft program inputs so that when those inputs mix with cryptographic secrets, the resulting intermediate state can be engineered to look like a pointer if and only if the secret satisfies an attacker-chosen predicate.

 

The GoFetch Exploit

The latest research reveals an overlooked issue concerning DMPs within Apple silicon. In specific scenarios, these DMPs misinterpret memory content, including critical key material, as the pointer value used for loading other data. Consequently, the DMP frequently accesses and interprets this data as an address, leading to memory access attempts, as explained by the team of researchers.

This process, termed dereferencing of pointers, involves reading data and inadvertently leaking it through a side channel, representing a clear breach of the constant-time paradigm. The researchers identify the exploit as GoFetch, operating under the same user privileges as most third-party applications, targeting vulnerabilities in clusters of M-series chips. It affects both classical and quantum-resistant encryption algorithms, with extraction times varying between minutes to hours depending on the key size.

 

Top News


cw-icon Just now
Read more latest news

Press Releases

...
Terra
Do Kwon Trial Begins Despite The Founder

8 months ago Mar 26, 2024

The civil fraud trial involving Ter... Read more

...
Goldman
Goldman Sachs Clients Look To Get Back

8 months ago Mar 25, 2024

Institutional clients served by the... Read more

...
Payments
New Payment Limit For Crypto Wallets Scrapped

8 months ago Mar 25, 2024

The recent Anti-Money Laundering re... Read more

...
Bitcoin
Bitcoin Undergoes Price Correction As International Economies

8 months ago Mar 24, 2024

A significant portion of the crypto... Read more

Join Our Newsletter

Get the latest trends and updates on our crypto community.