Tag Archive for: apple

Apple Chip Flaw Leaks Secret Encryption Keys

/in


The next time you stay in a hotel, you may want to use the door’s deadbolt. A group of security researchers this week revealed a technique that uses a series of security vulnerabilities that impact 3 million hotel room locks worldwide. While the company is working to fix the issue, many of the locks remain vulnerable to the unique intrusion technique.

Apple is having a tough week. In addition to security researchers revealing a major, virtually unpatchable vulnerability in its hardware (more on that below), the United States Department of Justice and 16 attorneys general filed an antitrust lawsuit against the tech giant, alleging that its practices related to its iPhone business are illegally anticompetitive. Part of the lawsuit highlights what it calls Apple’s “elastic” embrace of privacy and security decisions—particularly iMessage’s end-to-end encryption, which Apple has refused to make available to Android users.

Speaking of privacy, a recent change to cookie pop-up notifications reveals the number of companies each website shares your data with. A WIRED analysis of the top 10,000 most popular websites found that some sites are sharing data with more than 1,500 third parties. Meanwhile, employer review site Glassdoor, which has long allowed people to comment about companies anonymously, has begun encouraging people to use their real names.

And that’s not all. Each week, we round up the security and privacy news we don’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Apple’s M-series of chips contain a flaw that could allow an attacker to trick the processor into revealing secret end-to-end encryption keys on Macs, according to new research. An exploit developed by a team of researchers, dubbed GoFetch, takes advantage of the M-series chips’ so-called data memory-dependent prefetcher, or DMP. Data stored in a computer’s memory have addresses, and DMP’s optimize the computer’s operations by predicting the address of data that is likely to be accessed next. The DMP then puts “pointers” that are used to locate data addresses in the machine’s memory cache. These caches can be accessed by an attacker in…

Source…

Apple Silicon Vulnerability Allows Hackers to Extract Encryption Keys

/in


An unpatchable vulnerability has been discovered in Apple’s M-series chips that allows attackers to extract secret encryption keys from Macs under certain conditions, according to a newly published academic research paper (via ArsTechnica).

m1 vs m2 air feature toned down
Named “GoFetch,” the type of cyber attack described involves Data Memory-Dependent Prefetchers (DMPs), which try to predict what data the computer will need next and retrieve it in advance. This is meant to make processing faster, but it can unintentionally reveal information about what the computer is doing.

The paper finds that DMPs, especially the ones in Apple’s processors, pose a significant threat to the security provided by constant-time programming models, which are used to write programs so that they take the same amount of time to run, no matter what data they’re dealing with.

The constant-time programming model is meant to protect against side-channel attacks, or types of attacks where someone can gain sensitive information from a computer system without directly accessing it (by observing certain patterns, for example). The idea is that if all operations take the same amount of time, there’s less for an attacker to observe and exploit.

However, the paper finds that DMPs, particularly in Apple silicon, can leak information even if the program is designed not to reveal any patterns in how it accesses memory. The new research finds that the DMPs can sometimes confuse memory content, which causes it to treat the data as an address to perform memory access, which goes against the constant-time model.

The authors present GoFetch as a new type of attack that can exploit this vulnerability in DMPs to extract encryption keys from secure software. The attack works against some popular encryption algorithms that are thought to be resistant to side-channel attacks, including both traditional (e.g. OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption) and post-quantum (e.g. CRYSTALS-Kyber and CRYSTALS-Dilithium) cryptographic methods.

In an email to ArsTechnica, the authors explained:

Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is…

Source…

Apple Zero-Day Exploits Bypass Kernel Security

/in


Apple has released emergency security updates to fix two critical iOS zero-day vulnerabilities that cyberattackers are actively using to compromise iPhone users at the kernel level.

According to Apple’s security bulletin released March 5, the memory-corruption bugs both allow threat actors with arbitrary kernel read and write capabilities to bypass kernel memory protections:

  • CVE-2024-23225: Found in the iOS Kernel

  • CVE-2024-23296: Found in the RTKit component

While Apple, true to form, declined to offer additional details, Krishna Vishnubhotla, vice president of product strategy at mobile security provider Zimperium, explains that flaws like these present exacerbated risk to individuals and organizations.

“The kernel on any platform is crucial because it manages all operating system operations and hardware interactions,” he explains. “A vulnerability in it that allows arbitrary access can enable attackers to bypass security mechanisms, potentially leading to a complete system compromise, data breaches, and malware introduction.”

And not only that, but kernel memory-protection bypasses are a special plum for Apple-focused cyberattackers.

“Apple has strong protections to prevent apps from accessing data and functionality of other apps or the system,” says John Bambenek, president at Bambenek Consulting. “Bypassing kernel protections essentially lets an attacker rootkit the phone so they can access everything such as the GPS, camera and mic, and messages sent and received in cleartext (i.e., Signal).”

Apple Bugs: Not Just for Nation-State Rootkitting

The number of exploited zero-days for Apple so far stands at three: In January, the tech giant patched an actively exploited zero-day bug in the Safari WebKit browser engine (CVE-2024-23222), a type confusion error.

It’s unclear who’s doing the exploiting in this case, but iOS users have become top targets for spyware in recent months. Last year, Kaspersky researchers uncovered discovered a series of Apple zero-day flaws (CVE-2023-46690, CVE-2023-32434, CVE-2023-32439) connected to Operation Triangulation, a sophisticated, likely state-sponsored cyber-espionage campaign that deployed TriangleDB spying implants on iOS devices at a variety of…

Source…

How Apple is Protecting iMessages Against Tomorrow’s Hackers

/in





A forthcoming iMessage update will protect your conversations from being cracked by quantum computers
(Photo : (Photo by Spencer Platt/Getty Images))

A forthcoming iMessage update will protect your conversations from being cracked by ultra-powerful quantum computers. But those computers don’t even exist yet. 

In the next version of iOS 17, iMessage will receive its most significant security update ever. Named PQ3, this “post-quantum cryptographic protocol” is a set of security features designed to protect against attacks from the quantum computers of the future, which will make it trivial to crack existing encryption methods. This sounds like utter sci-fi, so why is Apple doing this now? What’s the point of protecting iMessage users from threats that have yet to exist and may not exist for a long time? That’s where things get interesting. 

“Quantum computing has generated a lot of excitement, not just because it sounds futuristic. It’s like having a super-powered computer that can crack digital locks we once thought were unbreakable,” says information security analyst and researcher Nathan Jacobs. “Imagine a lock that would take a regular computer a millennium to open; a quantum computer could potentially do it during a coffee break. That’s why the chatter about iMessage beefing up its security isn’t just tech hype-it’s addressing a genuine concern.”

Harvest Now, Decrypt Later

Imagine that you are a jewel thief and somehow managed to end up in the safety deposit vault of some fancy bank. You have access to all those boxes, but they’re locked with impossible-to-pick locks, and the boxes are currently indestructible. Do you walk away? Or do you grab all those safety deposit boxes and store them until they can be opened?

That’s the idea behind Harvest Now, Decrypt Later, a scenario where bad actors collect and store data today until quantum computers can easily extract it. This is a perfectly credible, affordable option, thanks to cheap storage. 

“Is quantum a looming threat? Not quite yet. But it’s like building a storm…

Source…