23.03.2024
Apple chip vulnerability results in crypto key loss
Mirjan Hipolito
Cryptocurrency and stock expert

A critical flaw in Apple's hardware security has been identified that could give hackers access to sensitive user information, including private cryptographic keys.

The researchers found a vulnerability in Apple's M-series chips that could leak Mac users' data.

According to Cryptopotato, the vulnerability leads to the loss of end-to-end encryption keys because Apple chips facilitate the implementation of cryptographic protocols. There is no direct fix for the problem, which distinguishes it from traditional vulnerabilities.

The researchers dubbed this problem the "GoFetch" exploit. They explained how it works: it runs with the same user rights as many third-party applications and exploits vulnerabilities in M-series chip clusters. It affects both classical and quantum-resistant encryption algorithms in the same way.

Compared to previous threats, GoFetch has a more aggressive effect on Apple chips, posing a significant security threat. The GoFetch application connects to a target application and passes it input data, which the target signs or decrypts. In doing so, GoFetch extracts the secret key that the target application uses to perform these cryptographic operations.

The threat lies in a hardware optimization that predicts the memory addresses the code will access. By loading content into the CPU cache before it is actually needed, the data memory-dependent prefetcher (DMP), as the feature is known, reduces the latency between main memory and the CPU, a common bottleneck in modern computing.

DMP is only used in M-series chips, although older forms of prefetch have been common for years. 

The experts pointed out that the vulnerability manifests itself when a targeted cryptographic operation is processed on the same CPU cluster at the same time as a malicious application with normal user system privileges. 

The researchers proposed an alternative way to address the bug, but it significantly affects performance. The solution they developed shifts protection to third-party cryptographic software. Such measures will reduce the performance of M-series chips on cryptographic tasks, which will be especially significant for the earlier-generation M1 and M2 chips.

The experts elaborated on their idea: "Our main idea is that although DMP dereferences are only pointers, the fraudster gains access to the program's input data, and when this data is mixed with cryptographic keys, the resulting intermediate state can be correlated to look like a pointer if the key matches the fraudster." 
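The prefetcher behaviour and the researchers' observation can be seen in a small software model. This is an added illustration, not code from the researchers or from Apple; the pointer test (a value that falls inside a mapped region), the 64-byte line size, the XOR mixing step and every address and key below are assumptions constructed for the example.

```python
# Toy model of a data memory-dependent prefetcher (DMP). Added illustration:
# a deliberate simplification, not Apple's hardware design or GoFetch code.
LINE = 64   # bytes per cache line (assumed)
WORD = 8    # one 64-bit word

class ToyDMP:
    def __init__(self, heap_base, heap_size):
        self.base, self.size = heap_base, heap_size
        self.mem = {}       # word address -> 64-bit value
        self.cache = set()  # line-aligned addresses currently cached

    def looks_like_pointer(self, value):
        # Assumed heuristic: the value falls inside the mapped region.
        return self.base <= value < self.base + self.size

    def store(self, addr, value):
        self.mem[addr] = value & (2**64 - 1)

    def load(self, addr):
        """Architectural load: cache the line, then let the DMP scan its data."""
        line = addr - addr % LINE
        self.cache.add(line)
        for a in range(line, line + LINE, WORD):
            v = self.mem.get(a, 0)
            if self.looks_like_pointer(v):
                # Prefetch of an address the program never asked for.
                self.cache.add(v - v % LINE)
        return self.mem.get(addr, 0)

def cache_footprint(secret, public_input):
    """Cached lines after code loads the intermediate secret XOR public_input."""
    cpu = ToyDMP(heap_base=0x1_0000_0000, heap_size=0x10_0000)
    buf = cpu.base                         # buffer holding the intermediate
    cpu.store(buf, secret ^ public_input)  # XOR stands in for "mixing" (assumed)
    cpu.load(buf)                          # same instructions for every secret
    return cpu.cache

# Constructed sample values, not real keys or addresses.
PROBE = 0x1_0000_4000            # an in-region, line-aligned address
INPUT = 0x0123_4567_89AB_CDEF    # public input supplied to the operation
KEY_A = PROBE ^ INPUT            # intermediate equals PROBE: pointer-like
KEY_B = KEY_A ^ (1 << 63)        # one key bit differs: not pointer-like

if __name__ == "__main__":
    for name, key in (("KEY_A", KEY_A), ("KEY_B", KEY_B)):
        print(name, sorted(hex(line) for line in cache_footprint(key, INPUT)))
```

Both keys execute identical instructions and touch the same buffer, yet the cached lines differ, which is why constant-time code alone does not remove the dependence on the secret and why the proposed protection has to be added in the cryptographic software itself.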
