mox@lemmy.sdf.org to Technology@lemmy.worldEnglish · 8 months agoUnpatchable vulnerability in Apple chip leaks secret encryption keysarstechnica.comexternal-linkmessage-square23fedilinkarrow-up14arrow-down11file-textcross-posted to: technology@lemmit.onlineapple@lemmit.onlinetechnology@midwest.socialapple_enthusiast@lemmy.worldtechnology@lemmy.mltechnology@lemmy.zip
arrow-up13arrow-down1external-linkUnpatchable vulnerability in Apple chip leaks secret encryption keysarstechnica.commox@lemmy.sdf.org to Technology@lemmy.worldEnglish · 8 months agomessage-square23fedilinkfile-textcross-posted to: technology@lemmit.onlineapple@lemmit.onlinetechnology@midwest.socialapple_enthusiast@lemmy.worldtechnology@lemmy.mltechnology@lemmy.zip
minus-squareKilling_Spark@feddit.delinkfedilinkEnglisharrow-up1·edit-28 months agoSo the attack is (very basically, if I understand correctly) Setup: I control at least one process on the machine I am targeting another process on I can send data to the target process and the process will decrypt that Attack: I send data that in some intermediate state of decryption will look like a pointer This “pointer” contains some information about the secret key I am trying to steal The prefetcher does it’s thing loading the data “pointed to” in the cache I can observe via a cache side channel what the prefetcher did, giving me this “pointer” containing information about the secret key Repeat until I have gathered enough information about the secret key Is this somewhat correct? Those speculative execution vulnerabilities always make my brain hurt a little
So the attack is (very basically, if I understand correctly)
Setup:
Attack:
Is this somewhat correct? Those speculative execution vulnerabilities always make my brain hurt a little