Study Identifies Vulnerability in Apple M-Series Chips Allowing Hackers to Retrieve Private Keys

According to CryptoPotato, a recent study has identified a vulnerability in Apple's M-series chips that could enable hackers to retrieve the cryptographic private keys of Mac users. The vulnerability functions as a side channel, allowing the extraction of end-to-end keys when Apple chips execute implementations of commonly used cryptographic protocols. Due to its origin in the microarchitectural structure of the silicon, direct patching is not feasible, unlike traditional vulnerabilities. Instead, the report suggests a fix that relies on integrating defenses into third-party cryptographic software. However, this approach may significantly degrade the performance of M-series chips during cryptographic tasks, particularly in earlier generations like M1 and M2.

The researchers explained that the exploitation of the vulnerability occurs when both the targeted cryptographic operation and a malicious application, operating with standard user system privileges, are processed on the same CPU cluster. The latest research sheds light on an overlooked phenomenon regarding DMPs within Apple silicon. In certain cases, these DMPs misinterpret memory content, including critical key material, as the pointer value used for loading other data. As a result, the DMP frequently accesses and interprets this data as an address, leading to memory access attempts. This process, known as 'dereferencing' of 'pointers,' involves reading data and inadvertently leaking it through a side channel, representing a clear breach of the constant-time paradigm.

The researchers identified this hack as a 'GoFetch' exploit, explaining that it operates on the same user privileges as most third-party applications, exploiting vulnerabilities in clusters of M-series chips. It affects classical and quantum-resistant encryption algorithms alike, with extraction times varying from minutes to hours depending on the key size. Despite previous knowledge of similar threats, the researchers said that GoFetch demonstrates more aggressive behavior in Apple's chips, posing a significant security risk.