Researchers have uncovered a significant vulnerability in the microarchitecture of Apple’s M-series chips, which could allow attackers to extract secret keys from Mac devices, including computers and laptops. The critical issue lies in the design of the chips, making it impossible to fully address the vulnerability with a simple software update.
The vulnerability is linked to the data prefetching mechanism (DMP), which enhances information processing by predicting future memory requests. However, the DMP function can misinterpret cryptographic keys, paving the way for attackers to extract them through specialized techniques.
An international team of researchers developed an attack known as goofetch, showcasing the ability to extract keys without requiring administrative privileges on the device. This attack can target Apple’s M1 and M2 chips, impacting both conventional encryption algorithms and those resistant to quantum computing.
The time taken to extract keys ranges from under an hour to ten hours, depending on the type of cryptographic key and algorithm involved. This underscores the vulnerability’s ability to bypass standard cryptographic protection mechanisms.
To mitigate the vulnerability, cryptographic software developers must integrate additional security measures into their products, potentially resulting in reduced efficiency during cryptographic operations. Proposed protection methods include employing data obfuscation and shifting processing tasks to processor cores without DMP.
Researchers also propose a long-term solution involving closer hardware-software interaction to allow for disabling DMP during critical operations, effectively thwarting potential attacks with minimal impact on overall performance.
As of now, Apple has not provided any official response to the research findings. Users are advised to stay vigilant for software updates and implement recommended security measures to mitigate potential risks.