Monday, 31 March 2025

Apple silicon vulnerability exposes encryption keys

Discover the recent vulnerability in Apple's M-series chips that allows encryption keys to leak and learn how to protect your device.

International researchers have unearthed a significant vulnerability in Apple’s M-series chips that can leak encryption keys. Because the flaw stems from the chip’s microarchitectural design, it cannot be fixed with a conventional patch. Instead, software-based mitigation strategies are necessary, potentially hampering performance. The technical nature of this discovery is best understood by delving into the detailed report by Ars Technica, but a simplified explanation is provided here for clarity.

Understanding the GoFetch attack

The crux of the issue lies in Apple Silicon’s data memory-dependent prefetcher (DMP). This component predicts which memory addresses will likely be needed by running code, enhancing efficiency. However, this predictive mechanism can be manipulated to unveil sensitive data, including encryption keys, through an attack dubbed GoFetch. The researchers’ groundbreaking insight revealed that while the DMP typically only dereferences pointers, attackers can craft inputs that, combined with cryptographic secrets, result in an intermediate state mimicking a pointer under specific conditions. This vulnerability enables the extraction of partial or complete information about the cryptographic secret, undermining the security of constant-time swap primitives and various cryptographic implementations designed to resist chosen-input attacks.
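To make the point about constant-time swap primitives concrete, the following C sketch is an added illustration, not code from the researchers or from Apple. It shows that a swap with no secret-dependent branches or addresses still leaves memory whose contents depend on the secret bit. The names ct_swap, count_pointer_like, pointer_like_in_a and region are hypothetical, and the "pointer-like" range test is a simplified stand-in for the prefetcher's behaviour, not its actual rule.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constant-time conditional swap: no branch and no memory address
 * depends on secret_bit, only the values written do. */
static void ct_swap(uint64_t secret_bit, uint64_t *a, uint64_t *b, size_t n)
{
    uint64_t mask = (uint64_t)0 - (secret_bit & 1); /* 0 or all-ones */
    for (size_t i = 0; i < n; i++) {
        uint64_t delta = (a[i] ^ b[i]) & mask;
        a[i] ^= delta;
        b[i] ^= delta;
    }
}

/* Simplified model (assumption): a word is "pointer-like" if it falls
 * inside [lo, hi). This is not the DMP's actual rule. */
static int count_pointer_like(const uint64_t *buf, size_t n,
                              uint64_t lo, uint64_t hi)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (buf[i] >= lo && buf[i] < hi);
    return hits;
}

static unsigned char region[64]; /* constructed stand-in for mapped memory */

/* Returns how many pointer-like words buffer a holds after the swap. */
int pointer_like_in_a(uint64_t secret_bit)
{
    uint64_t lo = (uint64_t)(uintptr_t)region;
    uint64_t hi = lo + sizeof region;
    uint64_t a[4] = {1, 2, 3, 4};      /* internal state, plain integers */
    uint64_t b[4] = {5, lo + 8, 7, 8}; /* externally supplied input (constructed) */
    ct_swap(secret_bit, a, b, 4);
    return count_pointer_like(a, 4, lo, hi);
}

int main(void)
{
    for (uint64_t bit = 0; bit <= 1; bit++)
        printf("secret_bit=%llu -> pointer-like words in a: %d\n",
               (unsigned long long)bit, pointer_like_in_a(bit));
    return 0;
}
```

The instruction stream and access pattern are identical for both values of the bit, which is all that constant-time coding guarantees; whether buffer a ends up holding a pointer-like word is decided by the secret, and that is the kind of state a data-dependent prefetcher reacts to.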

Historical context and mitigation

Interestingly, this is not the first instance of a DMP-related flaw in Apple Silicon; a similar vulnerability, the Augury flaw, was identified in 2022. Although the recent discovery may raise concerns, the practical risk is considered low. The need to gain system access and the time required for an attack are significant barriers. Extracting a 2048-bit RSA key took the researchers just under an hour, whereas obtaining a 2048-bit Diffie-Hellman key took over two hours, and a Dilithium-2 key took more than ten hours.

Protecting your devices

Adhering to basic security practices is advisable for users seeking to safeguard their devices against such vulnerabilities. Keeping macOS Gatekeeper enabled and avoiding the installation of apps from unknown sources are essential steps in maintaining security.

In summary, while discovering this flaw in Apple’s M-series chips highlights potential security concerns, the immediate risk to users remains low, thanks to the demanding requirements for executing such an attack. Nonetheless, awareness and adherence to recommended security measures are crucial for protection.
