researchers find unfixable bug in apple computers

This reminds me of that one time on the oldest anarchy server in Minecraft when some nerds found out you could punch a block anywhere in the world to 1) see if that chunk is loaded, and 2) see what type of block it is. Well turns out by comparing what chunks are loaded and when against when players log in and out, you're able to figure out which group of chunks is from what player, and track everybody on the server in real time. Then through a long series of punches in those areas, you're able to reconstruct an entire base block for block.

Getting all the memory of a process by listening closely to see how long each operation takes reminded me a lot of that.

Dominexis

To me the thought that people actually even know how the cpu works is unfathomable, but then there's people who want to abuse it that know even more.

Yupppi

In 4:16 you said you would link the paper you are referencing, but I cannot the see the url, I guess you forgot it. Please could which paper it is?

JinskuKripta

Just looked it up, looks like the iPad Pro 12.9-inch and iPad Air use the M1 chip. Now we're one step closer to jailbreaking them!

Damariobros

It's 'funny' to me when companies (e.g., Apple) shrug and say there's nothing to worry about - because you have to have physical possession of the machine in order to do the hack. Except all you need is to be able to run software on the machine, which can be done remotely from anywhere in the world. This reminds me of a time (surely patched by now, though it'd been years unpatched already before I learned about it; I've been on Linux for decades) that Windows had a process running on the desktop as local admin - that you could, nevertheless, simply send it key commands as if you were admin operating the UI. They (Microsoft) also said you had to have local access in order to exploit it, and, once again, they ignored anyone who would have a remote desktop on the machine would have access to exactly that.

Yes, there are plenty of hacks that require actual physical access to the hardware (if someone nefarious can physically touch your machine, it's not yours any longer!), but to claim anything hardware based is immune from remote exploit shows either colossal ignorance of security - or a willingness to bold face lie to their customer base. Knowing how many security experts are at Apple, I'm going with the latter.

mitakeet

The prefetch optimisation is not available on M1 or M2 efficiency cores, and the M3 has the ability to disable the optimisation. So, while the research is worthy of great respect and a Phd grant or two, this is not the end of the world. Crypto code can be bound to efficiency cores on M1 and M2, and the optimisation can be disabled for anything that may leak key on M3.
When YouTube offered this video to me my instant reaction was click-bait and reminiscent of the tech press reaction to the researchers press release. But your description of the flaw was pretty clear.

EamonWalshe

typo in description. *wreaking havoc. "reeking" means smelling like something.

grify

I love side channel attacks, they are always so interesting and ingenious. Sometimes they can literally look like science fiction like the acoustic or electromagnetic ones.

rangargorgen

always amazed at cache/tlb/memory exploits...very deep rabit hole to dwelve into

komm

It doesn't need physical access to your computer. "Like other attacks of this kind, the setup requires that the victim and attacker have two different processes co-located on the same machine and on the same CPU cluster. Specifically, the threat actor could lure a target into downloading a malicious app that exploits GoFetch." - The Hacker News

davidgaag

The way this side channel vulnerability takes advantage of the difference between operation speed in branch prediction, reminds me of a bug mentioned in EVE Online lore.

There is a way to use a ship equipment module called a data analyzer to gain information regarding when a player owned space station becomes vulnerable to being attacked and destroyed by other players. The description of this module mentions branch prediction vulnerabilities in something called a recursive computing module, which basically is the Eve Online version of a CPU for a space station.

FutureAIDev

An example of why I include random elements in authentication frameworks, to make timing the operation difficult/pointless.

Relkond

Boy, Apple is just having more and more problems this week

MasonCloutier

Thanks for explaining something that was incomprehensible previously

ammarnanaa

Sadly, fixing this sounds like it will slow down cpus.

magellan

What you are explaining is exactly what I am going through, the RSA algorithm

shadowgirl

Thanks for the quality information. Remember to stay hydrated ❤

ajk_

I found one *fixable* bug in the title of this video: "Researchers FOUND unfixable bug..." (not "find", unless they're still finding it or as if there are more unfixable bugs that are constantly getting discovered).

bsimic

Extremely interesting! And detailed, with a lot of pedagogy (lowering stuff to the lewel of the audience). THanks.

dragoons_net

Fascinating, but as an everyday user I wouldn’t get my knickers in a knot about this. Things are very grim if hackers want to use this to gain access to my online mail order dog food account.

dutchroll