live_tv
Livestream Starting Soon
00
Hours
:
00
Minutes
:
00
Seconds
Up next in 10
More Apple news: http://www.cultofmac.com
Follow us!
Twitter: https://twitter.com/cultofmac
Facebook: https://www.facebook.com/cultofmac
Instagram: https://instagram.com/cultofmac/
Show More Show Less View Video Transcript
0:00
Although, I have no idea where we are
0:03
Oh, we're gonna talk about hacking the M chip. Griffin, you better do it quick
0:06
because we got one, two, I guess like two and a half stories left
0:10
But not much time to do it. We got 10 minutes. You gotta motor mouth your way through this
0:14
Hackers can exploit flaw in Apple M-series processors. This is the biggest story of the week on Kultimac.com
0:21
Security researchers have found a serious exploit in all Apple M-series processors
0:26
The flaw exposes precious encryption keys and it's baked into the hardware
0:31
So it can't easily be patched without a performance penalty. Bad news
0:36
Encryption is used to keep information that travels over the internet private. It's what makes online shopping possible
0:41
It ensures that nobody can read our texts, which is why it's troubling to say the least
0:46
The security researchers at some of America's top universities found a way to make M-series processors
0:52
leak the encryption keys that could unlock all of that security. The proof of concept tool is called GoFetch
1:00
So one of the ways M-series processors offer such great performance is with what's called
1:06
the Data Memory Dependent Prefetcher or DMP. This is what fetches data into the CPU cache
1:16
which is basically like a faster form of memory available to the processor
1:20
The DMP will read through the contents of program memory, look for pointers to any other locations in memory
1:27
and copy the reference data in advance. And this is where the researchers found the leak
1:31
They feed the DMP a bunch of cryptographic related like instructions in their program
1:38
Then they look at all of the pointer values that the DMP spits out
1:42
And over the course of a couple hours, they can piece together an entire cryptographic key
1:46
out of your Mac. Now, the good news is there are no examples
1:51
of the DMP flaw discovered by researchers and actual use by hackers
1:56
And the other good news is that on M3 chips, there's a built-in toggle switch that can disable the DMP
2:02
And that fixes the leak. But it does mean that running all these
2:06
you know, cryptography software instructions without using the DMP, like entirely in software without using the hardware
2:13
will slow down the Mac. And the bad news is that there's no toggle switch
2:19
like that on the M1 and M2 chips. So just be careful
2:23
Oh, great. Guess you got to upgrade to M3. No problem. Only the M3
2:28
I love it's a feature. Only the M3 Max chip is safe. Everyone better go upgrade
2:32
And only the 40 GPU core model, of course. That's actually probably not true
2:38
Don't sue me. But now I can't use my favorite cryptography apps
2:44
Yeah. So if and when it goes beyond the proof of concept stage, the exploit will need to be delivered in the usual ways
2:49
a virus or a Trojan horse. And software that protects against these
2:54
should block attempts to install the malware. So, you know, basically just install your software security updates on your Mac
#Computer Security
#Hacking & Cracking
#Consumer Electronics
#Technology News