New hardware vulnerability discovered in Apple’s M chips that allows attackers to steal encryption keys from Macs
Apple computers have long distinguished themselves from PCs by being more difficult to hack, which is one reason some security-conscious computer and smartphone users are happy to fork over the high prices Apple's products fetch. However, Apple has found itself in the spotlight more and more lately as tech experts reveal numerous vulnerabilities in its products.
The latest is a new bug that researchers have found in the Apple M1, M2 and M3 chipsets. Known as the GoFetch vulnerability, it resides in the computer’s CPU. This means that unless you change the computer’s CPU itself, it is essentially unpatchable. It enables cache-based side-channel attacks in which one process can read data belonging to another process and leak information. The vulnerability is highly sophisticated and is related to the Data Memory-dependent Prefetcher, a hardware component of the chip.
Although it is very concerning, cybersecurity experts emphasize that it is a local bug, which means that an individual would need access to your computer in order to take advantage of it.
Nevertheless, it points to an unsettling trend in which Apple’s computers and smartphones are increasingly being found to be far less secure than many consumers believe. And with bugs like this one in particular, some people, like X user “Kim Dotcom”, are wondering whether U.S. intelligence agencies have intentionally placed them there so they can spy on Americans.
Apple has had several high-profile vulnerabilities exposed recently
In December, researchers exposed an attack known as Triangulation that backdoored countless iPhones, many of which belonged to employees of the security firm Kaspersky, across a span of four years. The attackers gained an unprecedented degree of access by exploiting a vulnerability in an undocumented hardware feature of the phones.
After a lengthy investigation, researchers were unable to determine how the attackers knew the hardware feature existed or what its purpose is.
The backdooring campaign was significant, infecting the iPhones of thousands of people who worked in Russian embassies and missions. During the years it was active, the victims’ phones were infected via iMessage texts that managed to install malware on the devices without the victim taking any action thanks to a complex exploit chain.
This placed full-featured spyware on their phones capable of transmitting a broad range of sensitive data to servers controlled by the hackers. Some of the data it transmitted included photos, microphone recordings and geolocation information.
Kaspersky Researcher Boris Larin explained what made this attack stand out: “Due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming, requiring a comprehensive understanding of both hardware and software architectures. What this discovery teaches us once again is that even advanced hardware-based protections can be rendered ineffective in the face of a sophisticated attacker, particularly when there are hardware features allowing to bypass these protections.”
In January, another vulnerability was discovered in Apple products. Dubbed LeftoverLocals, it enables attackers who have local access to a device to obtain data that is processed in the local memory of the GPU, something that poses a major risk as the use of Large Language Models increases. The vulnerability means that attackers can eavesdrop on a user’s interactive LLM session, which may give them access to sensitive information. Only some Apple devices have received patches to address this; others remain vulnerable.