It’s not clear how this is a realistic or possible exploit.

“We don't care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.”

Over how much time? What are the conditions that make this possible?

This reads like a hypothetical academic paper where the exploit wasn’t achieved.
 
Wonder how long Apple has known about this? I think we can safely assume based on past experience that Apple did nothing, hoping the public would never know.
Exactly! And yet the hardcore Apple fans will turn a deaf ear to changing these tactics by Apple. That's why, as much as I am a big Apple user, it's time to open things up a bit. Glad texting will finally be on a somewhat open platform by the summer.
 
This is going to make me sound really, really old… which I am! 😁

I do miss the pre-internet days.
I would buy a Mac from my Mac shop… use it until it felt slowish. Then I might even just upgrade the RAM or storage myself. *gasp*

I lived and worked with no idea what the latest and greatest Mac was. What processor it was up to… etc etc.

Just blissful ignorance.

After 3-5 years I'd just buy the latest Mac I could afford.

Life definitely was a lot simpler back then! 🙂

Edit: Spelling
I read MacWorld and MacUser back then and knew that Apple was constantly updating chips and altering model names/numbers so you just couldn’t get bent out of shape that your machine was old.

Of course, there were also PDS slots and cache slots that allowed you to upgrade your processor, sometimes to the 2nd or third generation above the one you had internally.
 
"Requires an attacker process to be running on your machine..." Looking at the EU demands and the push to allow 3rd party stores, side loading applications, etc....

This story is about a vulnerability in Apple's M-series chips (i.e. M1, M2, M3). These M-series chips are used in Macs and iPads, not the iPhone.

"An unpatchable vulnerability has been discovered in Apple's M-series chips that allows attackers to extract secret encryption keys from Macs under certain conditions, according to a newly published academic research paper (via ArsTechnica)."

The EU demand for 3rd party app stores and sideloading applies only to the iPhone (no iPads).

We've been able to sideload install apps from any source on the Mac since forever.
 
Does this endanger the safety of FileVault encrypted storage?
Possibly not? The encryption for that passes through the controller, I believe. I don't know if the key is ever exposed in a way that would be accessible to this attack. It’s a good question.
Exactly! And yet the hardcore Apple fans will turn a deaf ear to changing these tactics by Apple. That's why, as much as I am a big Apple user, it's time to open things up a bit. Glad texting will finally be on a somewhat open platform by the summer.
What would opening things up have to do with a vulnerability like this (which, btw, since you apparently haven't read the thread, is not an attack mechanism that solely AS chips are vulnerable to)?
 
Coming soon to the iPhone, thanks to sideloading and alternative marketplaces.
And yet somehow the DMP vulnerability affected iPhones with the A14 chip that came out over 3 years ago... a time when we didn't have sideloading and alternative marketplaces yet.

"As ArsTechnica notes, this isn't the first time researchers have identified threats in Apple DMPs. Research documented in 2022 discovered one such threat in both the M1 and Apple's A14 Bionic chip for iPhones, which resulted in the "Augury" attack."


Ever stop to think this has nothing to do with sideloading or alternative marketplaces?
 
the very core of the apple brand is at stake here.

macs vulnerable to what ?

it is built in the apple chip? oh my.

— there is a worm inside this fruit —
 
I have more issues with my credit/debit card getting hacked. This is likely no big deal for 99.999% of us.

Certainly to propeller heads it’s notable, but good lord.
So you're saying if Apple said nothing but knew, and you lost private data due to it, you wouldn't be upset?
 
It was described in the article on the other major Apple rumor site. Not sure if I can post links to the other site.
9to5mac?
To exploit the vulnerability, an attacker would have to fool a user into installing a malicious app, and unsigned Mac apps are blocked by default.
The author is conflating signed with safe. Because I'm a developer, and I have a developer account with Apple, I have a signing certificate. I can open Xcode, write any app, sign it with my developer cert, and distribute it via a website. The only thing that Apple can do is revoke my cert, but that doesn't stop someone from running the app first.

If I can put this into a library that doesn't require administrator access, I could probably distribute it through the App Store. I don't know how good Apple is at catching malicious apps during submission if the malicious part is disabled, but there's no guarantee that an app from the App Store is safe either.

If I can get it through the Mac App Store, the only thing stopping the iPhone from getting p0wned is if the A17 or whatever chip isn't vulnerable, although given the A and M series chips are so similar, that's not a bet I'd take.
 
I skimmed parts of the paper. It looks like the issue affects 13th gen Intel processors as well. Possibly more processors.
From the Ars article: "The researchers noted that the DMP found in Intel’s Raptor Lake processors doesn’t leak the same sorts of cryptographic secrets."
 
Wonder how long Apple has known about this? I think we can safely assume based on past experience that Apple did nothing, hoping the public would never know.

No, we can’t assume that.

So when will the class action or recall be, so we can trade in our M1s for an M3?

Not a chance.

Yes it does. Literally any private key to the encrypted data can be extracted with this method.

This is incorrect. For example, central cryptographic operations take place on a separate CPU, the Secure Enclave.
 
Reminds me of Zero Click which mysteriously is never permanently disabled. It's almost like Apple cooperated in designing a backdoor into what they sell.

Maybe it is to a person that doesn’t know any details. Otherwise it isn’t.

“Privacy and safety”

Apple has lost its touch man. I fully believe Tim Cook needs to go.

Microarchitectural side channels have happened several times in the past on many other CPUs. It’s quite hard to prevent entirely.
 
DMP-style attacks are not common, and typically require physical access to a Mac. The researchers informed Apple of the vulnerability in December 2023, and users concerned about the vulnerability are advised…
to… you know… not allow physical access to your Mac. I know that person that showed up at your door saying his car broke down JUST out of sight and they just need to use your computer to go to their insurance company’s website and go through a several hours long claims process in order to get them to send help SEEMS sincere but what you SHOULD do is…
“Let them use my cell phone!”
say NO. Just say NO.
 
Well, I just upgraded, 3 weeks ago, to the M2 mini. Still happy with it. This won't change my happiness. It is what it is. Sadly, been away from the platform for a while because my devices were no longer supported. But, I'm back.
 
Captain Kirk beat a Sith Lord type being in season 1 episode 3 called "Where No Man Has Gone Before" and in season 3 episode 10 called "Plato's Stepchildren". I am sure Kirk would beat Vader, Maul, and Count Dooku.
 