Unfixable Apple Exploit - How It Really Works 

Want early access to new videos and some behind the scenes content? Consider becoming a channel member ru-vid.com/show-UCQvW_89l7f-hCMP1pzGm4xwjoin

Really like the off-the-cuff, unrehearsed style! Came from your more scripted full-length videos and still definitely enjoy those, but this feels like a lecture with someone who is really in their element, and that scratches an entirely different itch.

After watching your video I checked out some of the articles online regarding this. It's funny to read 1) Their different attempts to reword the paper into simpler terms for people to understand, and 2) the level of scaremongering used from article to article - some are very upfront about the fact that this isn't something to worry about right now, while others are very happy to leave you in the dark about if you're safe or not. Great video.

Would you or someone be willing to make a M Chip vulnerability for dummies video? Explaining it to your granddad if he was interested in buying a new MacBook this month. This granddad has not yet found a video or article yet dumbed down enough.

Is it OK if I call you the Froddo Baggens of Reverse Engineering?

From my understanding, the M3 chips have the ability to turn off DMP for a performance hit unlike the M1/M2 which do not have this ability. Has anyone heard anything about Apple pushing out a patch to allow users to disable the prefetching just in case?

"local": unless i'm mistaken, local access doesn't mean physical access, it means a process running on the machine. (this is in contrast to remote attack, e.g. by sending malformed network packets). local: so an attacker still somehow needs to get code to execute on your machine. * that could be code executed by another user on the same machine. generally a situation In server environments, e.g. on a shared host. * on a client device, that could be another process, e.g. a website, because a browser executes the JavaScript. JavaScript just being an example here. To my knowledge, browsers now all slightly abstract the clock as javascript sees it, so that javascript can no longer do timing attacks. it could also be an app from the app store, that despite having restricted access executes on the same cpu you could say. summary: "local": should not need physical access, but will still need some way to get a user or machine to execute your code.

I think you mentioned it right at the end that it could be part of a payload/remote exploit - but what part of the process needs local access to the computer? It seems like you're just running some very unique code for sure, but still just code nonetheless. Regarding the multi hour part, surely you're also fine to scale that back, run it at 10% speed to not be noticed and accept you're going to get a result in a day or two rather than a trip to the movies. I would guess timing would be the most tricky, but I would guess that should just fall down to counting CPU cycles, not hooking up a multi-GHz oscilloscope. I don't know a huge amount about crypto, so excuse my ignorance :)

I quite like this format, I'd definitely enjoy seeing more technical deep-dives into vulnerabilities like this. Also yes lattice cryptography is still a big thing in post-quantum cryptography (27:31). In 2022 NIST released 4 quantum-resistant crypto algorithms and three of them were based on lattice cryptography

Great video. It's nice for someone to go a bit more into the finer details of the attack rather than just harping on "It's in hardware! It's unfixable! Ohmygod ohmygodohmygod, P A N I C!!!111!!eleven!!" part. (Yes, I am late to the party. Been figuratively literally living under a rock for the past few months and am currently catching up on tech news ;) One minor correction though: Being a "local attack" does not mean "requiring physical access". No one needs to sit at your machine for this exploit. They'd only need to be able to run code on your machine, which sets the bar far lower as that could be done remotely, especially if your machine is already compromised (say by being infected with a virus). Hell, there are even ways to run code on your machine without compromising it (JavaScript, anyone?), though those are most likely unsuited for such highly timing-sensitive attacks at this, so I'd assume your machine would need to be already compromised for this attack to be realistically feasible. Still, whether you should be concerned about this attack with your threat model isn't something any article or RU-vid video can tell you. Sorry to say, that'd be something you'd have to decide for yourself.

Well, I'd say the second attacker has a process running on the system itself, physically, all bets are off. That's a total failure of security in that point and it's obvious that it'll fall outside of SSL threat model. The same as if someone has physical access to a switch, then the network security has been breached and all bets are off.

Really been enjoying your content lately, thanks for doing what you do. You answer a lot of questions I had as a kid playing games and never bothered to find out now as an adult in software engineering. A comment on your presentation where you illustrate by hand, this is something I’ve been dabbling with in my team at work and I’ve found that using different colours makes it not only more interesting, and thus more likely for people to follow along, but also easier to separate things or group common ideas, which makes it easier to follow along.

Half the time i have no idea what your talking about. Sounds like gibberish yet i keep coming back. 😂 Keep up the great work. I like this on the fly kind of video. 🤙

The article says the malicious code needs to run locally on the machine. Why are you saying that the attacked needs to be physically sat at the computer?

😳 Excellent review Nathan, thank you for explaining this so well! 👍👍👍

You are the GOAT. Been watching your videos when u had a few hundred subs and good to see how the channel is growing

Your explanations and knowledge distillation are exquisite. Thank you very much for sharing!

Another killer video Nathan, fast becoming the best (and most entertaining) engineering content on YT. I work in applied crypto. Funny that OpenSSL don’t care as local exploit out of scope, I mean they care enough to implement constant time functions for crypto in the first place and this only protects against local side channel anyway. Also with M3 and above you can use chicken bits to disable the DMP during critical path.

Dude you really know your stuff!

How this could be unpatchable on M1, M2 and M3 since there is a special bit on M3 to disable DMP ?

In my understanding it was not a mistake…because only programmers can do this.

Your explanation was really great ... Then you did was a lot of apple fan did ... You said "someone needs to be sat 2.5 hours at your machine" ... It is wrong ... Totally wrong and you know it: any application and/or service on the machine, that would have a RCE (remote code execution) flaw, would permit to run the code... And that app / service flaw does NOT even need to have specific permissions on the system: could be your browser, your download app... The answer from openssl is totally normal: since IT NOT there concern ! It is Apple concern and openssl cannot patch it !

It’s a good video, but the number of adverts is way over the top. For a 30-min video there were approximately 7 ad breaks. It comes across as greedy, unfortunately.

I do not really understand why I would need to be at your computer in order to break these, because all I need is that you are running my program while at your computer - like you can put this in an application or a game silently. I see nothing about this not being able to do remotely - pretty much the opposite.

So what, practically, can this be used to do by an attacker? Break Filevault? Reveal passwords? I think maybe I'm not smart enough to fully understand it entirely. Ha.

Is just M1 affected or the entire architecture aka A14 (Icestorm/Firestorm)? What about M2 and A15(Blizzard/Avalanche)? A16(Sawtooth/Everest)? A17 Pro?

Sleep a random number of ms each iteration of char[I] == char. Just to mess with the brute force hackers 😂

Crash different, total garbage!

Did you mean arrays are stored contiguously? I hadn't heard it referred to it as congruantly. Just wondering

There's an important detail missing from the paint example when doing DH key exchange. Although the common paint colour is known to an attacker, it must also be a colour that must not be able to be manipulated by an attacker too.

but this poses a real threat for stolen devices, no?

Interesting Video. I like this format as well.

I remember a while back PHP hd an exploit similar to this, new functions were added and patched to make them time safe, I have no idea how to phrase that, anyway, thats my personal experience of this type of attack and it's super interesting to see it on a hardware level even though I have zero understanding of whats going on I can follow along, another great vid cheers man.

don't wanna use an unsafe prime .. what my old man always told me ..

Does this add to the attack surface of the setup app so it can be bypassed? I've a legitimately purchased activation locked M1 Macbook Pro that Apple simply refuses to unlock even though I provided them with the motherfucking receipt. (It was a company device that was on loan to someone and they RMA'd it & never removed the device from their icloud)

I'm only 15 minutes in, but as someone stuck on Windows 10 because of Spectre, I'm not happy knowing my M1 was the computer I bought to replace it... as soon as you started getting into side channel attacks on the CPU cache my heart sank.

Love the hands on explanation. Definitely helps me cut trhough the high level stuff which I always have trouble understanding.

Can you test that on your Mac?

Excellent explainer! I'd love to see more unscripted videos that 'breakdown' whitepapers or like you said, go a little more in depth.

Are t'authors from Yorkshire? (ey up)

Is game hacking even a challenge to you at that point? Outstanding video! Love all your stuff!

Great video Nate , the details and drawings really help me understand what's going on with he M1 chip

Say the attacker could crack it in say a minute, what would that give them the ability to do? Don't they already need local access to the PC?

So, one has to be talented enough to pull this off and it’s more difficult remotely?

15:50 Wow nice explanation of how can run a function at constant time. It's interesting at the beginning of video, how can use timing to get more info, when it checks each letter in a loop. 👍

I was just wondering if you would look into this. Thanks for the great explanation

People are hyperventilating about this because they are worried about their private keys being stolen and then they lose or their crypto. And say things like don’t connect to a public WiFi under any circumstances. And giving every M1 user the impression that they should never buy an Apple computer because the are now fu___ed. However, having watched your great video, it seems that the attack vector is pretty low. How a person might choose to hack somebodies computer to steal private keys is probably more simple. Such as observing the keys entered into the keyboard either visually or remotely. And then just logging in and exporting the private keys. Would you agree that RU-vidrs are being way to scare mongering ? And also, is it really impossible to fix ?

Sounds like this would be a bad time to get your m1-m2 stolen lol

impressive way to quickly take advantage of recent news props

Great intro and deeper dive! BTW: i think you meant Contiguous instead of congruent.

Apple be like "let's invent the next Spectre bug"

As a dev I really appreciate your videos, thank you so much!

How do Intel and AMD processors differ from that? Why don't other processors leak or do they?

your videos are gold!

:3

so this exploit is realistically unusable.

Was the thumbnail AI generated?

whoah sir!

Hello Great Sirs :D