Some Apple CPUs have an "unfixable" security flaw — and they're leaking secret encryption keys

Representational image depecting cybersecurity protection

(Image credit: Shutterstock)

Researchers have discovered a new side-channel vulnerability in Apple’s M-series of processors that they claim could be used to extract secret keys from Mac devices when they’re performing cryptographic operations.

Academic researchers from the University of Illinois Urbana-Champaign, University of Texas at Austin, Georgia Institute of Technology, University of California, University of Washington, and Carnegie Mellon University, explained in a research paper that the vulnerability, dubbed GoFetch, was found in the chips’ data memory-dependent prefetcher (DPM), a optimization mechanism that predicts the memory addresses of data that active code could access in the near future.

Since the data is loaded in advance, the chip makes performance gains. However, as the prefetchers make predictions based on previous access patterns, they also create changes in state that the attackers can observe, and then use to leak sensitive information.

GoFetch risk

The vulnerability is not unlike the one abused in Spectre/Meltdown attacks as those, too, observed the data the chips loaded in advance, in order to improve the performance of the silicon.

The researchers also noted that this vulnerability is basically unpatchable, since it’s derived from the design of the M chips themselves. Instead of a patch, the only thing developers can do is build defenses into third-party cryptographic software. The caveat with this approach is that it could severely hinder the processors’ performance for cryptographic operations.

Apple has so far declined to discuss the researchers’ findings, and stressed that any performance hits would only be visible during cryptographic operations.

While the vulnerability itself might not affect the regular Joe, a future patch hurting the device’s performance just might.

Those interested in reading about GoFetch in depth, should check out the research paper here.

Via Ars Technica

More from TechRadar Pro

This nasty new Android malware can easily bypass Google Play security — and it's already been downloaded thousands of times
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.