Cracking the Code: Apple M-Series Chips Vulnerable to “GoFetch” Attack
University researchers have uncovered a critical security flaw in Apple’s M-series chips and named the resulting attack “GoFetch.” This vulnerability could potentially grant attackers access to your Mac’s cryptographic keys, which are the crown jewels of its security.
Imagine a master thief who can steal your safe’s combination by watching how you turn the dial. That’s what GoFetch does. It exploits a quirk in the M-series chip’s data memory-dependent prefetcher (DMP), a feature designed to speed up memory access, to observe how the chip handles cryptographic keys. By piecing together these glimpses, attackers can recover the entire key in a surprisingly short time:
- Under 1 hour: Stealing a 2048-bit RSA key (a common encryption standard)
- Less than 2 hours: Cracking a 2048-bit Diffie-Hellman key (another encryption protocol)
Even cutting-edge post-quantum cryptography (designed to withstand future supercomputers) isn’t immune:
- 54 minutes: Extracting data for a Kyber-512 key (post-quantum)
- Roughly 10 hours: Exposing a Dilithium-2 key (another post-quantum scheme)
The bad news? Fixing GoFetch might slow down your Mac. The researchers suggest various solutions, but all involve tinkering with the chip’s inner workings, potentially impacting performance. Turning off the prefetcher altogether is the most extreme option, but other approaches, like isolating critical security tasks on specific cores, are also on the table.
The good news? DMP-based attacks like GoFetch are uncommon and require physical access to your Mac. Here’s how to stay safe:
- Fortress Password: Use a strong, unique password for your Mac account.
- Gatekeeper: Be cautious about running unfamiliar applications.
- Physical Security: Don’t let strangers use your Mac (stranger danger applies to computers, too!)
The future? Researchers recommend that Apple develop a more intelligent way for macOS to manage the prefetcher, potentially deactivating it during critical security tasks. This would require long-term collaboration between hardware and software teams.
Stay tuned! This story is still unfolding. We’ll monitor Apple’s official response and any developments in the fight to secure your M-series Mac.