Come learn C so this doesn't happen again at lowlevel.academy (there's a SALE)

always terrible when researchers accidentally stumble upon your NSA backdoor :(

The only hard things in computer science are naming things and cache invalidation.

Computer architecture is so much more complicated than most people realize, even many programmers. I remember in college learning about concepts like superscalar pipelining and micro code for the first time. It still fells like there was always something new and complex to learn about computers.

0:15 "It is unpatchable unless you literally go to the store and get different CPU..." If only it can be a thing with Apple

One of the guys who discovered Meltdown/Spectre is my Prof at University

This reminds me of that one time on the oldest anarchy server in Minecraft when some nerds found out you could punch a block anywhere in the world to 1) see if that chunk is loaded, and 2) see what type of block it is. Well turns out by comparing what chunks are loaded and when against when players log in and out, you're able to figure out which group of chunks is from what player, and track everybody on the server in real time. Then through a long series of punches in those areas, you're able to reconstruct an entire base block for block. Getting all the memory of a process by listening closely to see how long each operation takes reminded me a lot of that.

The CIA must be really broken up about this getting discovered.

"...constant time programming..." Decades ago, there was a game (something with ghosts in a graveyard ?) for the Z-80 based TRS-80. The game was designed so that an AM radio, placed next to the computer, would pickup RFI in the form of the game's musical soundtrack. Yes, the programmer(s) embedded music into the RFI based on intentionally non-constant time programming.

In the description: Reeking implies that it smells, wreaking is the word you were looking for.

In 4:16 you said you would link the paper you are referencing, but I cannot the see the url, I guess you forgot it. Please could which paper it is?

To me the thought that people actually even know how the cpu works is unfathomable, but then there's people who want to abuse it that know even more.

Knowing stuff is cool, but being able to explain it to others is the real talent. You managed that on a very complicated topic. Very impressive. Very well done.

Someone at my university was working on a side channel attack that would measure the fluxuations on a power rail of the processor and use that to eliminate possible attempts at crytographic keys. Wild stuff.

As an apple developer I would like to state that there are much more then 1 unfixable bug on apple computers.

I feel like the description given of constant time programming is missing something. If memory accesses are forced to take exactly the same amount of time no matter what, then surely the cache would be removed entirely, since even if something was in the cache, the CPU would have to wait as long as it WOULD have taken to get it from anyway to ensure the operation is constant time, no?

Apple's response: People need to learn to hold their CPU the right way.

Remember, is not a bug, it’s a feature. An NSA feature

I'm thinking that this is three or more orders of magnitude below where my main concerns lie. I'm still trying to figure out how to bypass the ads on KZbin.

Just looked it up, looks like the iPad Pro 12.9-inch and iPad Air use the M1 chip. Now we're one step closer to jailbreaking them!

Last time I was this early I didn’t have kids

if it is a requirement that the timing of a cache hit is the same as a cache miss, the cache has no effect and can be skipped

I like how his shirt says "everything is open source if you can read assembly" 😂

The constant time programming mentioned at 4:55 needs to be emphasized that it only applies to cryptography functions which the paper itself does. A move operation by itself as stated in the video would not run in constant time mode. Thus constant time execution would apply to the example given at 1:50. The paper also presents a solution for Apple to resolve this issue as this exploit only occurs on one of the two processor types. It is not clear if some op codes can be altered to fix this on the main processor cores, though ironically it may very well end up slower on the bigger cores with the patch than the smaller ones. It should also be noted that this exploit also exists on the Intel side of things in at least the 13th generation (and 14th as it is the same as the 13th from a design perspective) of chips per the paper.

If all that's required to access the side channel is for the listener to be running on the same computer, how does that require physical access? All someone would have to do in the hardest case is convince the user to install the listening program.

typo in description. *wreaking havoc. "reeking" means smelling like something.

this channel is by far one of my favorite channels on youtube! Good work, mate! you are awesome!

that's old school hack, you younglings crack me up

Thanks for the quality information. Remember to stay hydrated ❤

tbh if cache adheres to the constant time programming rule, then it's better not to have cache

So, can we have a tool allowing the backing up of the keys from the M1, M2 and M3's before something goes wrong so the flash data can be decrypted in case of recovery? Nice...

I have a many years of infosec experience, and I just want to commend you for doing an excellent job of explaining complex bugs so that they are easy to understand. 👏 Glad KZbin recommended your channel. I'm sub'd now! 😀

This is retro computing at it's peak. Disasters i had long forgotten about, brought back to be enjoyed by a younger audience. So nostalgic, so nice of them shelter bugs that were about to go extinct, those poor bugsies.

Damn this channel is amazing. It has so many cool stuff I didn't know.

Microarchitectural attacks are a very fascinating area of attacks. Unfortunately, the way they are presented in media is often very inaccurate and frankly, contains a lot of straight up factual errors. I get that it is hard to understand such vulnerabilities especialyl without a background in computer science. But sometimes I wish the reporters would try to understand what they are reporting on before writing an article. In the past, people trying to actually understand how such vulnerabilities worked had to read though the paper and try to understand it. A very high barrier of entry for people interested in such topics. Luckily, researchers tend to put out more high-level (but factually accurate) descriptions for many vulnerabilities in recent years. And, quite a few KZbin channels covering such attacks on a deeper level than mainstream media whilst still being "noob friendly" have gained popularity. As a researcher (who is quite new to this field and to research in general), this leaves me very excited for the future, as more and more people interested in this field can find actual information and educate themselves.

Thanks for the video, I was looking 4 info about this matter and your video is quite straightforward, subscribed :)

It's 'funny' to me when companies (e.g., Apple) shrug and say there's nothing to worry about - because you have to have physical possession of the machine in order to do the hack. Except all you need is to be able to run software on the machine, which can be done remotely from anywhere in the world. This reminds me of a time (surely patched by now, though it'd been years unpatched already before I learned about it; I've been on Linux for decades) that Windows had a process running on the desktop as local admin - that you could, nevertheless, simply send it key commands as if you were admin operating the UI. They (Microsoft) also said you had to have local access in order to exploit it, and, once again, they ignored anyone who would have a remote desktop on the machine would have access to exactly that. Yes, there are plenty of hacks that require actual physical access to the hardware (if someone nefarious can physically touch your machine, it's not yours any longer!), but to claim anything hardware based is immune from remote exploit shows either colossal ignorance of security - or a willingness to bold face lie to their customer base. Knowing how many security experts are at Apple, I'm going with the latter.

heard the phrase "side-channel-attack" some two years ago during my undergrad. never googled it to find what it is, thanks for explaining :3

This video was awesome besides the fact that the "if" on your shirt is the only non color-coded word on the shirt despite being the most commonly used.

adding delays is also how they stopped crashes & ddos attacks online in the early days

This is literally Apple's version of the Death Star's exhaust port. To me, this seems far worse than is casually suggested - your cryptographic keys could be leaked by a simple process executed locally.

Somewhat analogous to being able to figure out what is being typed just by hearing the clacking of the typewriter keys…

Sadly, fixing this sounds like it will slow down cpus.

Another example (if possibly an apocryphal one) is that supposedly US government buildings will have spikes in nighttime pizza orders in the leadup to military operations since the people overseeing it will stay up waiting for updates.

Extremely interesting! And detailed, with a lot of pedagogy (lowering stuff to the lewel of the audience). THanks.

My first thought when clicking this video is flashbacks of sorting through unsolicited bug bounty emails at work. So this was nice to not hate watching.

Heard you in ThePrime yt clip. I love that he credited your Twitter but not your yt channel.

This was a great explanation which helped clear my doubts around how this was different from Spectre and Meltdown attacks on Intel chips from the past. Thank you. Just subscribed, hoping to learn and appreciate the world of IT a lot more with you.

What's funny is the fix for all of these side channel attacks it's extremely simple, it's just that nobody thought about it before: a simple CPU flag to enable/disable constant time operations on a per-operation basis. That's it. If the CPU had this, then in code you could target very specific code where it wasn't safe to optimize the cache, like cryptographic functions, but everything else can run fully optimized. If the CPU can mode switch fast enough it also enables less secure but still potentially effective solutions like randomly showing down 5% of cache hits on an operation where you need 100% accuracy to work properly, like encryption/decryption.

Silly question: If move operations are in constant time, regardless of cache hit or not, then what's the point of having a cache?

always amazed at cache/tlb/memory exploits...very deep rabit hole to dwelve into

I love side channel attacks, they are always so interesting and ingenious. Sometimes they can literally look like science fiction like the acoustic or electromagnetic ones.

😂😂😂Apple developers solving 5 hard Leetcode problems to ship a patch

Doing some research for implementing a login process for a web application, I read that you should compare the entire string and then return if true or false, so the amount of time to check is always the same

Your channel is really interesting!

This hugely underplays the impact of this bug in my opinion. In plain language, it means that we're back to any kind of installed program that contains suitable malware (however it chooses to fetch and execute it) being able to compromise everything on your machine and by virtue of that, providing a gateway to the network you are on. How hard is it to get people to install malware? Not very. How difficult it uncommon is it for organised criminals/state actors to release useful free software who's real purpose is to gain machine access? Not very.

If your cache doesn't speed up your processor, you shouldn't have cache. It's such a difficult and frustrating thing to navigate cause the simple solution is just crap.

3:50 I knew Spectre and Meltdown would come up in this! When you said about cache side channel early in the video I thought "didn't Meltdown and spectre involve a side channel attack?" Tho I couldn't remember if it actually involved the cache or just spec exe

It can probably be mitigated by a software update, just like meltdown or specter. There is no way that apple replaces all these devices.

A couple things. If a bad guy has physical access to your machine, it doesn't matter what kind of machine it is, or whether it has some new just discovered vulnerability, you've already lost. Second, sounds to me like there are vulnerabilities in any digital password system, just like there are vulnerabilities in any lock. A skilled picker is going to get in, it's just a matter of time, and the amount of time needed is directly proportional to the skill times the determination. If it's a determined attacker and the information is highly valuable, then computer hacking skills may very well fall wayside to actual physical hacking skills, as in hacking off fingers one at a time till the owner coughs up the password. When deciding on how to invest in security, it's wise to assess ALL the factors.

From what I have seen, this is not a physical access attack.

This conversation is deeply interesting! I remember the time I used to program in Assembly. Great thoughts, btw!

I love episodes like this

Well, I guess soldering everything to the board finally backfired.

Explained a complex problem super super well. Well done.

“Where there is a will, there is a way”

The way this side channel vulnerability takes advantage of the difference between operation speed in branch prediction, reminds me of a bug mentioned in EVE Online lore. There is a way to use a ship equipment module called a data analyzer to gain information regarding when a player owned space station becomes vulnerable to being attacked and destroyed by other players. The description of this module mentions branch prediction vulnerabilities in something called a recursive computing module, which basically is the Eve Online version of a CPU for a space station.

Thanks for explaining something that was incomprehensible previously

Boy, Apple is just having more and more problems this week

Doesn't it invalidate the utility of the cache for an operation to take the same amount of time whether or not it misses? What is the performance cost of requiring operations to run in constant time?

So, if someone steals your Apple Mn (1

Really cool when you jumped on a call with Prime & talked about this topic- hoping that will happen again in the future 😀

Why does this need physical access to a machine, surely this is the same class as Spectre and Meltdown in that you just need to be able to execute code on the target machine, right?

The sentiment that people exist on this earth that know this much resonates. I am still blown away that people figured out how to program IRC into a SNES by just pressing the buttons on a controller programmatically to manipulate the runtime of the SNES itself. I feel dumb.

This was eye opening. Thanks

I've noticed in the past (Windows 7) that if I type my password in *nearly* correct, it's more likely to take a while to process before it tells me it's wrong. If I enter it completely wrong, it almost always tells me right away.

as someone who owns apple hardware and works in IT....shrug. we live in a time where there are vastly more trying to find the exploits than work on the design teams, so there will only be more and more of this. I've patched millions of CVEs in my job, but John and Lisa in marketing are the ones that have gotten us hit with something.

Hey I've got a great idea for the M4. What if we add an instruction that checks for data that looks like IP addresses, and just sends memory dumps to it? Would make logging soo much quicker! /s

I'm such a noob at programming, but I love watching your videos. Almost everything you say goes over my head and you legit seem like a wizard to me. So the fact that this flies even over your head, I can't even fathom it. I am usually inspired to get better when I see better programmers than me, but sometimes when I see people who are such badasses on a whole other level, it kind of demotivates me because it doesn't seem like it's possible for me to ever get even half as good. Anyways, this bug sounds insane!

I have zero technical knowledge and happened to stumble upon this video out of sheer curiosity. There seems to be some questions of ethics regarding unified processes regarding the nature of efficiencies and privacy. The attack also seems novel due to the ability to derive information from the CPU through natural leakages and use this information to build the identity of the CPU such that privacy is violated. It seems like a 'low level' existential attack! Interesting af video. Thanks for uploading!

well, a local bug like this one is good when you need to recover data from your machine when you need to fight the laptop's security.

I just learned about cache memory in uni and this was so interesting, great video!

When keeping it "It's not a bug but a feature" becomes real

I would be a little surprised if any particular key exists long enough and is used to process enough data fast enough (i.e. being resident in cache, not just an SSL network stream stuck in memory) for this attack to be practically executable in a real world situation. The information is statistically recovered so throwing more processing power at the attacking end doesn't help at all. I'd also be surprised if this attack isn't equally effective against almost every other processor made in the past 15(ish) years. Just for people who missed it, this reminds me of simple but still effective attacks where you can recover all typed information from an ssh session just from the timing of the packets being sent.

M1 chip was released two years after Spectre and Meltdown...

I'm going to hazard a guess that if its in the M-series chips its also in the A-series chips that were developed right at the start of the Apple Silicon push. There's a lot of shared infrastructure there.

CIA backdoor was found too fast, lmao.

The prefetch optimisation is not available on M1 or M2 efficiency cores, and the M3 has the ability to disable the optimisation. So, while the research is worthy of great respect and a Phd grant or two, this is not the end of the world. Crypto code can be bound to efficiency cores on M1 and M2, and the optimisation can be disabled for anything that may leak key on M3. When KZbin offered this video to me my instant reaction was click-bait and reminiscent of the tech press reaction to the researchers press release. But your description of the flaw was pretty clear.

This bug requires a very minor fix that's commonly applied on Apple products, the _Buy Another One_ method.

Great video! Clear, concise, and easy to understand

Really incredible security research. Love these kinds of things!

“Like” and “Similar” kinda mean the same thing, so when you started you said your work was not doing this type of thing. I was confused. But the show is great… Love low level learning… at my level.

Cash is king after all.

6:54 could the prefetcher tell a pointer from arbitrary memory at that level if it was implemented differently (while still maintaining a speed advantage)? Or, do they have to just not do that kind of prefetching?

At first it will check the length of the strings and then compare each char

There is an unknown number of unknown side channels in every physical CPU, so you can expect researchers to find more of them in the future for a long time to come.

Anyone not worried because someone needs access to your computer to run the script, go read about the rubber ducky.

I've been wondering how did they make such a fast and efficient CPU. They just skipped safeguards that other vendors had to deal with since meltdown and spectre were discovered.

The year of Asahi Linux??!? /silly

Damn my prof is an author of that paper