A recent study has raised alarm after identifying a vulnerability in Apple's M-series chips that has the potential to enable hackers to retrieve Mac users' private encryption keys.
In the absence of a direct solution, the other method proposed by the researchers may significantly hinder performance.
Apple M-Series chips are vulnerable to key mining
The vulnerability in question acts as a side channel, allowing end-to-end key extraction when Apple chips implement implementations of commonly used cryptographic protocols. Due to its origin in the silicon microarchitecture, direct patching is not possible, unlike traditional vulnerabilities.
Instead, the report highlighted a fix that relies on integrating defenses into third-party encryption software. However, this approach may significantly “degrade” the performance of M-series chips during encryption tasks, which is especially evident in previous generations such as the M1 and M2.
The researchers also added that exploitation of the vulnerability occurs when both the targeted cryptographic process and the malicious application, running with standard user system privileges, are processed on the same CPU block.
“Our key insight is that while DMP merely dereferences pointers, an attacker can craft program inputs such that when those inputs are mixed with cryptographic secrets, the resulting intermediate state can be engineered to look like a pointer if and only if the secret satisfies the attacker's chosen predicate.”
Recent research highlights what is described as an overlooked phenomenon regarding DMPs within Apple silicon. In some cases, DMPs misinterpret memory content, including critical background material, as a pointer value used to load other data. As a result, the DMP repeatedly accesses this data and interprets it as an address, resulting in memory access attempts, the research team explained.
This process, known as “dereferencing” pointers, entails reading data and inadvertently leaking it through a side channel, which is a clear violation of the constant-time model.
Go fetch
Researchers identified this hack as a “GoFetch” exploit while explaining that it runs under the same user privileges as most third-party apps, and exploits vulnerabilities in M-series chipsets. It affects both classical and quantum-resistant encryption algorithms, with extraction times varying from minutes to hours depending on the key size.
Despite previous knowledge of similar threats, researchers said GoFetch exhibits more aggressive behavior in Apple chips, posing a significant security risk.
