Free Trial
Contact Us
Podcast

Root Causes 381: Apple Chip Sideloading Attack Leaks Encryption Keys

Hosted by
Tim Callan
Tim Callan
Chief Compliance Officer
Jason Soroko
Jason Soroko
Fellow
Original broadcast date
April 26, 2024

A newly revealed side channel attack enables theft of private keys from M-series Apple chips. We explain.

Podcast Transcript

Lightly edited for flow and brevity.
Tim CallanTim CallanOkay. So I'm looking at an article. I don't think this is the only place this was reported, but it's the one I'm looking at. It's an Ars Technica article from Dan Goodin. We get a lot of our stories from Dan. March 21, 2024 is the date and the headline reads: Unpatchable Vulnerability in Apple Chip Leaks Secret Encryption Keys. And so when I see the word secret and the word encryption key, it gets my attention. And the word leak. So um, what went on here, Jason?
Jason SorokoJason SorokoGeez. What happened here? This isn't a good one. In fact, it's bad. This is actually really well written. Thanks, Dan. You know, I gotta tell you, so many journalists just botch this stuff, and Dan makes it understandable even to people with low IQ like me. So here we are.

So Tim, what we are referring to, let's talk about it, Apple, as you know, has come up with their own chipsets for a lot of their laptops. So you'll find MacBook Pros, MacBook Airs, with the new M series chips and what we're talking about here is I think mostly the M1 and M2 generations. There is an M3 at this point in time. So what is going on, Tim, of course, is that some researchers, very good research, has been able to recreate private keys stored in memory. So this is a good old-fashioned side channel attack. And it is caused by - Tim, you're gonna love this.

From what I can tell the root cause of what's going on here is that the optimization - - anytime you're hearing about side channel attacks, quite often what's going on is some sort of memory or process optimization that's leaking information. And isn’t it interesting that in this case, these Apple M1 and M2 chips they're using this new feature, right, the abbreviation DMP. It's not important right now. What's important is that this DMP optimization feature is mistaking private key, of course, and if any of you've ever seen these things, these things are usually hashed so it's a series of alphanumeric characters. Right, Tim?
Tim CallanTim CallanRight.
Jason SorokoJason SorokoYou've seen this before? So have many people listening to this podcast. Unfortunately, to the M1 and M2 two chips with his DMP optimization feature, those private key hashes look like pointer addresses, and pointer addresses, which need to be known by other processes going on, what actually is being spit out and leaked by the optimization process is, in fact, the private key. So that's just an overtly bad, bad one.
Tim CallanTim CallanSo side channel attacks, these are hard, right?
Jason SorokoJason SorokoYeah. They are.
Tim CallanTim CallanLike, they're like, like fundamentally, you're looking at the behavior of the chip. And I don't know if this is based on power, or sound or heat. I guess most of the time it's power, but I’m given to understand that dealing with a side channel check isn't that trivial, because you have to somehow obscure the information that is being used in the side channel attack. And that’s a difficult thing, because you're talking about something like the amount of power that it's consuming where you can't really stop consuming the power you need to consume.
Jason SorokoJason SorokoIt's true, Tim, but I think in this case, it's a little more simplistic, because a lot of side channel attacks might require something to physically be listening and sometimes it's very difficult with silicone to be able to actually listen in from something that is hardware-based, and therefore the attack is very, very targeted. In this case, the attack that the researchers here have been talking about is called GoFetch. It’s just an application, and it doesn't require root access. And so that is really bad, Tim. Think about that. Right? Like, that's the big - - you get it as soon as I say that. So in other words, the bad guy just needs to have an application, nothing really, it's the same user privileges needed by third party apps in order to to listen into MacOS system. And this Go Fetch system is able to basically piece together private keys from this leakage and because it is listening to operating system level processes, and that makes it to me just extra bad.
Tim CallanTim CallanSo if this is based on listening to chip optimizations, does that mean that these chips are going to have to become less optimal in order to solve this particular vulnerability? Are they going to have to go back and somehow wind back or mitigate these optimizations that are here to make the chip ultimately run faster?
Jason SorokoJason SorokoI can tell you're very old, Tim, just like me, because that has actually been - - that, of course, was proposed for a lot of Intel chips that were, you know, had to basically cut off some of their optimizations in order to be able to not have secrets be leaked. Yes, we've heard that before. I haven't heard that here.
Tim CallanTim CallanOkay. Good.
Jason SorokoJason SorokoIn fact, I don't - - the problem is, I don't know what the mitigation is yet. So I'm not ruling it out.
Tim CallanTim CallanYep. Okay. So we've talked about side channel attacks before. I think we'll talk about them again. One of the interesting thing about side channel attacks, of course, is they are a side channel. So that vulnerability can sneak by the design process. Sometimes I think a little more easily than another kind of vulnerability because you do have to be very lateral in you're thinking about how to protect from this kind of information gathering.
Jason SorokoJason SorokoExactly, exactly. So I think what's interesting is that - - though, Tim, I am going to mention that in the M3 chipset, apparently, it is easier. There's something Apple did to make it easier for developers to actually disable the DMP optimization feature. And so therefore, I think that's why the attention is being laid on the M1 and M2 chips, because there's a lot of them around and I don't know if it's going to be as easy to essentially turn it off the way that that you've just said. So that's just a side note. I've got an M2 Apple MacBook Air. I love that thing. It's a great little machine but you know, I also understand from this article, it's got some security issues.
Tim CallanTim CallanWell, don't let any GoFetch on your system, Jay.
Jason SorokoJason SorokoThat's true. That is a good tip. Pro tip.
Tim CallanTim CallanGood tip. Pro tip. All right. Well, thank you very much, Jay. This has been Root Causes.
Jason SorokoJason SorokoThank you, Tim.

Stay informed with expert insights

Subscribe to Root Causes for engaging discussions on PKI, digital security, and best practices for protecting your organization's critical assets. Don’t miss an episode!

Listen on Apple PodcastsListen on SpotifyListen on SoundCloud