As reported by Ars Technica, your Apple silicon Mac has a huge security problem. Researchers have uncovered a vulnerability within M-series chips that enables bad actors to obtain security keys during standard and frequent cryptographic operations. The worst part? The flaw is hardware-based, which means Apple can’t patch it with a simple software update.
What is the flaw?
This flaw stems from how Apple designs its chips to handle memory: Ars Technica explains that M-series chips, as well as Intel’s 13th-generation Raptor Lake chips, predict data-memory addresses the current code will need in the future, by loading that data into the CPU cache ahead of time—a feature known as the data-memory-dependent prefetcher. This action reduces latency between your computer’s CPU and the main memory of the machine, which improves the overall performance.
This design lends itself to vulnerabilities, since it opens a “side channel” of previous access patterns that bad actors can exploit. That’s why engineers developed what’s known as “constant-time programming,” so all the operations on your machine take an identical amount of time to process. However, they missed a huge gap here: Your machine can mistake memory content with the “pointer value,” or what tells the machine where in memory the data is supposed to go. When this happens, your machine inadvertently leaks the pointers in a side channel, which gives bad actors their edge back.
Researchers say this process doesn’t leak the security keys outright, but a bad actor would be able to trick machines into leaking security keys overtime. They developed an attack to exploit the vulnerability called GoFetch, which only requires the same permissions as any other third-party app on your Mac. Once in, GoFetch will run on the same area of your M1 chip as a cryptography app, and over time, target and reveal a security key. Depending on the type of key, it may take GoFetch anywhere from 10 hours to as little as 54 minutes to reveal the key.
Fixing the flaw will come at a cost to performance
Since the flaw is based on the way Apple’s M-series chips are designed, this isn’t something a simple macOS patch can fix. Instead, engineers that develop the cryptographic software itself for Apple silicon will need to patch this. Unfortunately, that will almost assuredly come with performance hits to Apple’s chips. One proposed solution, according to researchers, could potentially double the resources currently employed by cryptographic software.
However, these performance hits will only occur when cryptographic software is running. That could be a silver lining, as anytime your machine isn’t running this software, such as with many apps and browsers, you may not notice reduced performance at all.