News

A team of researchers from various universities around the world have discovered a flaw in Apple's M-series chip that would allow attackers to extract encryption keys. What's troublesome about this discovery is that the flaw . Instead, it would require mitigation on the software side, and this would, in all likelihood, have a detrimental impact on performance. The flaw is highly technical, and I would urge readers who want to know the full details to read . But to put it very briefly, the attack, , has to do with the way . The DMP works by predicting memory addresses of data that will likely be used by code that is currently running, in doing so, it can be manipulated to reveal sensitive data such as encryption keys. The researchers who discovered the flaw wrote: Our key insight is that while the DMP only dereferences pointers, an attacker can craft program inputs so that when those inputs mix with cryptographic secrets, the resulting intermediate state can be engineered to look like a pointer if and only if the secret satisfies an attacker-chosen predicate. For example, imagine that a program has secret s, takes x as input, and computes and then stores y = s ⊕ x to its program memory. The attacker can craft different x and infer partial (or even complete) information about s by observing whether the DMP is able to dereference y. We first use this observation to break the guarantees of a standard constant-time swap primitive recommended for use in cryptographic implementations. We then show how to break complete cryptographic implementations designed to be secure against chosen-input attacks. This isn't the first time that Apple Silicon was revealed to have a DMP flaw. Back in 2022, there was , which found that the DMP could leak sensitive data. While this is no doubt worrying to hear, the real-world risks are said to be low. According to the researchers, . It took them a little under an hour to extract a 2048-bit RSA key, while it took over two hours to extract a 2048-bit Difffie-Hellman key, and over 10 hours to extract a Dilithium-2 key. To protect yourselves, make sure you leave macOS Gatekeeper on and do not install apps from unknown sources. Source: