720-891-1663
Apple has joined the rest of the industry.
The attack is called GoFetch and it affects M-series chip based computers.
Apple has quietly posted a workaround but we will see if it holds up.
A proof of concept has been released demonstrating the ability to steal secret keys including for OpenSSL Diffie-Hellman and Go RSA. Supposedly even from quantum-resistant protocols such as CRYSTALS Dilithium and CRYSTALS Kyber. Since the attack is against the computer hardware, the strength of the crypto is not really important.
Unfortunately, the workaround requires a feature that is only available in some Apple chips. The feature is called Data-Independent-Timing or DIT. That feature only exists in M3 chips and protects against some timing-based attacks.
Since the workaround only is possible on M3 based computers, maybe developers can try to program around timing attacks for software on other chips. In the past, that has been, in practice, not very effective.
On top of that, Apple says that even with M3 based systems with DIT on, developers still need to make coding changes.
Just like other attacks against Intel and AMD, this attack exploits efforts by Apple to squeeze ever more performance out of their systems. It compromises a feature called Data Memory-dependent Prefetchers (DMP). It is a feature that tries to predict the future and shave off a little bit of time.
This bug in DMP defeats efforts by programmers to use constant-time programming in crypto routines. Constant-time programming is a feature that attempts to stop attacks like this one from working. Except there is a bug in Apple’s silicon.
The researchers think that all M-series chips are likely vulnerable to attack.
Right now the bug is not being exploited. Today is Wednesday. Check back on Friday.
At this point there is nothing that you can do other than hoping that Apple can figure out a fix AND ALSO THAT PROGRAMMERS CHANGE THEIR SOFTWARE. Both of these need to be done to fix the problem.
The researchers say that some Intel processors are also vulnerable but the attack is much harder to do on Intel chips.
Credit: Dark Reading and Security Week