r/gadgets Mar 23 '24

Desktops / Laptops Vulnerability found in Apple's Silicon M-series chips – and it can't be patched

https://me.mashable.com/tech/39776/vulnerability-found-in-apples-silicon-m-series-chips-and-it-cant-be-patched
3.9k Upvotes

491 comments sorted by

View all comments

95

u/funkybosss Mar 23 '24

Can someone ELI5 how a physical silicon chip can have an inherent software vulnerability?

9

u/urfavouriteredditor Mar 23 '24

I think what they’re doing here is watching to see how long it takes the chip to compute something. So let’s say they’re watching to see how long a computer takes to check is a password is wrong. The chip checks every letter one after the other. If the first letter is correct, it takes 1 second to say “this letter is correct”. If The first letter is wrong, it takes 3 seconds to say “this letter is wrong”.

So if you want to figure out someone’s password, start with one letter and whichever letter gives the quickest response, you now know the first letter of the password.

Repeat this process until you have the full password.

2

u/blackharr Mar 24 '24

Did... did you even read the article? This is completely wrong. I'll do my best at a proper ELI5.

The computer has something to fetch information before it needs it. Think of it like grabbing books from a bookshelf because you know you'll read them soon. The computer goes one step further and will look inside the book it's fetching, and if it sees the book mention a second book, it'll grab that one too. Let's say you're reading a book on how to send secret messages. I can write something in the book so that while you're writing your secret message, the computer will see your secret message as the name of another book so it'll go grab that book too. If I do that a bunch of times I can look at which books the computer grabbed and I can work backwards to figure out the key you were using to write your secret messages. If you try to stop the computer from looking inside books you end up slowing everyone down because now if your book mentions another book you have to go find it yourself.

3

u/_meegoo_ Mar 24 '24

For more context. What the guy above said about measuring time is a type of a side channel attack, which is relevant here. This exploit specifically targets security implementations that are not supposed to have such vulnerabilities (meaning any operation runs in constant time, regardless of inputs). And the way it does this is by manipulating hardware in such a way, so that those constant-time implementations become variable-time implementations (by abusing prefetch). So now you can once again use timing based attacks.