Come learn C so this doesn't happen again at lowlevel.academy (there's a SALE)

always terrible when researchers accidentally stumble upon your NSA backdoor :(

The only hard things in computer science are naming things and cache invalidation.

0:15 "It is unpatchable unless you literally go to the store and get different CPU..." If only it can be a thing with Apple

Computer architecture is so much more complicated than most people realize, even many programmers. I remember in college learning about concepts like superscalar pipelining and micro code for the first time. It still fells like there was always something new and complex to learn about computers.

One of the guys who discovered Meltdown/Spectre is my Prof at University

The CIA must be really broken up about this getting discovered.

This reminds me of that one time on the oldest anarchy server in Minecraft when some nerds found out you could punch a block anywhere in the world to 1) see if that chunk is loaded, and 2) see what type of block it is. Well turns out by comparing what chunks are loaded and when against when players log in and out, you're able to figure out which group of chunks is from what player, and track everybody on the server in real time. Then through a long series of punches in those areas, you're able to reconstruct an entire base block for block. Getting all the memory of a process by listening closely to see how long each operation takes reminded me a lot of that.

To me the thought that people actually even know how the cpu works is unfathomable, but then there's people who want to abuse it that know even more.

In the description: Reeking implies that it smells, wreaking is the word you were looking for.

"...constant time programming..." Decades ago, there was a game (something with ghosts in a graveyard ?) for the Z-80 based TRS-80. The game was designed so that an AM radio, placed next to the computer, would pickup RFI in the form of the game's musical soundtrack. Yes, the programmer(s) embedded music into the RFI based on intentionally non-constant time programming.

Knowing stuff is cool, but being able to explain it to others is the real talent. You managed that on a very complicated topic. Very impressive. Very well done.

Someone at my university was working on a side channel attack that would measure the fluxuations on a power rail of the processor and use that to eliminate possible attempts at crytographic keys. Wild stuff.

As an apple developer I would like to state that there are much more then 1 unfixable bug on apple computers.

In 4:16 you said you would link the paper you are referencing, but I cannot the see the url, I guess you forgot it. Please could which paper it is?

I feel like the description given of constant time programming is missing something. If memory accesses are forced to take exactly the same amount of time no matter what, then surely the cache would be removed entirely, since even if something was in the cache, the CPU would have to wait as long as it WOULD have taken to get it from anyway to ensure the operation is constant time, no?

Apple's response: People need to learn to hold their CPU the right way.

Remember, is not a bug, it’s a feature. An NSA feature

I'm thinking that this is three or more orders of magnitude below where my main concerns lie. I'm still trying to figure out how to bypass the ads on KZbin.

if it is a requirement that the timing of a cache hit is the same as a cache miss, the cache has no effect and can be skipped

Just looked it up, looks like the iPad Pro 12.9-inch and iPad Air use the M1 chip. Now we're one step closer to jailbreaking them!

This is retro computing at it's peak. Disasters i had long forgotten about, brought back to be enjoyed by a younger audience. So nostalgic, so nice of them shelter bugs that were about to go extinct, those poor bugsies.

I like how his shirt says "everything is open source if you can read assembly" 😂

This is literally Apple's version of the Death Star's exhaust port. To me, this seems far worse than is casually suggested - your cryptographic keys could be leaked by a simple process executed locally.

tbh if cache adheres to the constant time programming rule, then it's better not to have cache

So, can we have a tool allowing the backing up of the keys from the M1, M2 and M3's before something goes wrong so the flash data can be decrypted in case of recovery? Nice...

Last time I was this early I didn’t have kids

Explained a complex problem super super well. Well done.

Lesson learned: don't download viruses

that's old school hack, you younglings crack me up

heard the phrase "side-channel-attack" some two years ago during my undergrad. never googled it to find what it is, thanks for explaining :3

typo in description. *wreaking havoc. "reeking" means smelling like something.

Well, I guess soldering everything to the board finally backfired.

If all that's required to access the side channel is for the listener to be running on the same computer, how does that require physical access? All someone would have to do in the hardest case is convince the user to install the listening program.

This hugely underplays the impact of this bug in my opinion. In plain language, it means that we're back to any kind of installed program that contains suitable malware (however it chooses to fetch and execute it) being able to compromise everything on your machine and by virtue of that, providing a gateway to the network you are on. How hard is it to get people to install malware? Not very. How difficult it uncommon is it for organised criminals/state actors to release useful free software who's real purpose is to gain machine access? Not very.

It's 'funny' to me when companies (e.g., Apple) shrug and say there's nothing to worry about - because you have to have physical possession of the machine in order to do the hack. Except all you need is to be able to run software on the machine, which can be done remotely from anywhere in the world. This reminds me of a time (surely patched by now, though it'd been years unpatched already before I learned about it; I've been on Linux for decades) that Windows had a process running on the desktop as local admin - that you could, nevertheless, simply send it key commands as if you were admin operating the UI. They (Microsoft) also said you had to have local access in order to exploit it, and, once again, they ignored anyone who would have a remote desktop on the machine would have access to exactly that. Yes, there are plenty of hacks that require actual physical access to the hardware (if someone nefarious can physically touch your machine, it's not yours any longer!), but to claim anything hardware based is immune from remote exploit shows either colossal ignorance of security - or a willingness to bold face lie to their customer base. Knowing how many security experts are at Apple, I'm going with the latter.

Silly question: If move operations are in constant time, regardless of cache hit or not, then what's the point of having a cache?

This video was awesome besides the fact that the "if" on your shirt is the only non color-coded word on the shirt despite being the most commonly used.

Another example (if possibly an apocryphal one) is that supposedly US government buildings will have spikes in nighttime pizza orders in the leadup to military operations since the people overseeing it will stay up waiting for updates.

Sadly, fixing this sounds like it will slow down cpus.

adding delays is also how they stopped crashes & ddos attacks online in the early days

What's funny is the fix for all of these side channel attacks it's extremely simple, it's just that nobody thought about it before: a simple CPU flag to enable/disable constant time operations on a per-operation basis. That's it. If the CPU had this, then in code you could target very specific code where it wasn't safe to optimize the cache, like cryptographic functions, but everything else can run fully optimized. If the CPU can mode switch fast enough it also enables less secure but still potentially effective solutions like randomly showing down 5% of cache hits on an operation where you need 100% accuracy to work properly, like encryption/decryption.

The sentiment that people exist on this earth that know this much resonates. I am still blown away that people figured out how to program IRC into a SNES by just pressing the buttons on a controller programmatically to manipulate the runtime of the SNES itself. I feel dumb.

Boy, Apple is just having more and more problems this week

“Where there is a will, there is a way”

The way this side channel vulnerability takes advantage of the difference between operation speed in branch prediction, reminds me of a bug mentioned in EVE Online lore. There is a way to use a ship equipment module called a data analyzer to gain information regarding when a player owned space station becomes vulnerable to being attacked and destroyed by other players. The description of this module mentions branch prediction vulnerabilities in something called a recursive computing module, which basically is the Eve Online version of a CPU for a space station.

You can either have fast or secure, pick one

Extremely interesting! And detailed, with a lot of pedagogy (lowering stuff to the lewel of the audience). THanks.

What an incredible unforgiveable fuck up.

as someone who owns apple hardware and works in IT....shrug. we live in a time where there are vastly more trying to find the exploits than work on the design teams, so there will only be more and more of this. I've patched millions of CVEs in my job, but John and Lisa in marketing are the ones that have gotten us hit with something.

You can only patch software

always amazed at cache/tlb/memory exploits...very deep rabit hole to dwelve into

It always amazes me how cybersecurity researchers manage to find these exploits. It's like if you realized your neighbor's security camera is resolute enough to see the cuts on your house key, so you change out the key to something that can't be replicated with a photo. They're just so many steps ahead. And yet attackers sometimes manage to get ahead of them and take advantage of these exploits. It's an arms race that 99.99% of people are completely unaware of, yet almost everything in our lives depends on these systems being secure.

😂😂😂Apple developers solving 5 hard Leetcode problems to ship a patch

These are not bugs. These are new innovations for user's privacy and security.

this channel is by far one of my favorite channels on youtube! Good work, mate! you are awesome!

I would be a little surprised if any particular key exists long enough and is used to process enough data fast enough (i.e. being resident in cache, not just an SSL network stream stuck in memory) for this attack to be practically executable in a real world situation. The information is statistically recovered so throwing more processing power at the attacking end doesn't help at all. I'd also be surprised if this attack isn't equally effective against almost every other processor made in the past 15(ish) years. Just for people who missed it, this reminds me of simple but still effective attacks where you can recover all typed information from an ssh session just from the timing of the packets being sent.

Heard you in ThePrime yt clip. I love that he credited your Twitter but not your yt channel.

I found one *fixable* bug in the title of this video: "Researchers FOUND unfixable bug..." (not "find", unless they're still finding it or as if there are more unfixable bugs that are constantly getting discovered).

From what I have seen, this is not a physical access attack.

The prefetch optimisation is not available on M1 or M2 efficiency cores, and the M3 has the ability to disable the optimisation. So, while the research is worthy of great respect and a Phd grant or two, this is not the end of the world. Crypto code can be bound to efficiency cores on M1 and M2, and the optimisation can be disabled for anything that may leak key on M3. When KZbin offered this video to me my instant reaction was click-bait and reminiscent of the tech press reaction to the researchers press release. But your description of the flaw was pretty clear.

Microarchitectural attacks are a very fascinating area of attacks. Unfortunately, the way they are presented in media is often very inaccurate and frankly, contains a lot of straight up factual errors. I get that it is hard to understand such vulnerabilities especialyl without a background in computer science. But sometimes I wish the reporters would try to understand what they are reporting on before writing an article. In the past, people trying to actually understand how such vulnerabilities worked had to read though the paper and try to understand it. A very high barrier of entry for people interested in such topics. Luckily, researchers tend to put out more high-level (but factually accurate) descriptions for many vulnerabilities in recent years. And, quite a few KZbin channels covering such attacks on a deeper level than mainstream media whilst still being "noob friendly" have gained popularity. As a researcher (who is quite new to this field and to research in general), this leaves me very excited for the future, as more and more people interested in this field can find actual information and educate themselves.

What you are explaining is exactly what I am going through, the RSA algorithm

When keeping it "It's not a bug but a feature" becomes real

I love side channel attacks, they are always so interesting and ingenious. Sometimes they can literally look like science fiction like the acoustic or electromagnetic ones.

Why does this need physical access to a machine, surely this is the same class as Spectre and Meltdown in that you just need to be able to execute code on the target machine, right?

Hey I've got a great idea for the M4. What if we add an instruction that checks for data that looks like IP addresses, and just sends memory dumps to it? Would make logging soo much quicker! /s

This bug requires a very minor fix that's commonly applied on Apple products, the _Buy Another One_ method.

It doesn't need physical access to your computer. "Like other attacks of this kind, the setup requires that the victim and attacker have two different processes co-located on the same machine and on the same CPU cluster. Specifically, the threat actor could lure a target into downloading a malicious app that exploits GoFetch." - The Hacker News

well, a local bug like this one is good when you need to recover data from your machine when you need to fight the laptop's security.

“Like” and “Similar” kinda mean the same thing, so when you started you said your work was not doing this type of thing. I was confused. But the show is great… Love low level learning… at my level.

It can probably be mitigated by a software update, just like meltdown or specter. There is no way that apple replaces all these devices.

Well as they say , the only three difficult things about software development are naming things and cache invalidation

M1 chip was released two years after Spectre and Meltdown...

I have a many years of infosec experience, and I just want to commend you for doing an excellent job of explaining complex bugs so that they are easy to understand. 👏 Glad KZbin recommended your channel. I'm sub'd now! 😀

Your channel is really interesting!

>Unfixable unless you go to the store and buy a new computer So just the standard Apple update procedure then?

If your cache doesn't speed up your processor, you shouldn't have cache. It's such a difficult and frustrating thing to navigate cause the simple solution is just crap.

A couple things. If a bad guy has physical access to your machine, it doesn't matter what kind of machine it is, or whether it has some new just discovered vulnerability, you've already lost. Second, sounds to me like there are vulnerabilities in any digital password system, just like there are vulnerabilities in any lock. A skilled picker is going to get in, it's just a matter of time, and the amount of time needed is directly proportional to the skill times the determination. If it's a determined attacker and the information is highly valuable, then computer hacking skills may very well fall wayside to actual physical hacking skills, as in hacking off fingers one at a time till the owner coughs up the password. When deciding on how to invest in security, it's wise to assess ALL the factors.

I love episodes like this

In this specific case, the idea of constant time programming is on the implementation of the encryption algorithms, not on the CPU runtime of the instructions. The underlying issue is that the data that the implementation uses can be understood by the CPU as memory addresses, so based on the side-channel attach, another process can know that the implementation (at some point) produced some data that has that specific shape. The proposed solution in the paper and by other CPUs that have the same optimisations is adding an instruction that prevents this behaviour, even when in my (highly subjective) opinion something like CHERI would be a better solution.

I'm such a noob at programming, but I love watching your videos. Almost everything you say goes over my head and you legit seem like a wizard to me. So the fact that this flies even over your head, I can't even fathom it. I am usually inspired to get better when I see better programmers than me, but sometimes when I see people who are such badasses on a whole other level, it kind of demotivates me because it doesn't seem like it's possible for me to ever get even half as good. Anyways, this bug sounds insane!

I've been wondering how did they make such a fast and efficient CPU. They just skipped safeguards that other vendors had to deal with since meltdown and spectre were discovered.

Cash is king after all.

I have zero technical knowledge and happened to stumble upon this video out of sheer curiosity. There seems to be some questions of ethics regarding unified processes regarding the nature of efficiencies and privacy. The attack also seems novel due to the ability to derive information from the CPU through natural leakages and use this information to build the identity of the CPU such that privacy is violated. It seems like a 'low level' existential attack! Interesting af video. Thanks for uploading!

At first it will check the length of the strings and then compare each char

Doesn't it invalidate the utility of the cache for an operation to take the same amount of time whether or not it misses? What is the performance cost of requiring operations to run in constant time?

So, if someone steals your Apple Mn (1

Doing some research for implementing a login process for a web application, I read that you should compare the entire string and then return if true or false, so the amount of time to check is always the same

Really incredible security research. Love these kinds of things!

It is frankly hard to believe this was not anticipated.

CIA backdoor was found too fast, lmao.

Fascinating, but as an everyday user I wouldn’t get my knickers in a knot about this. Things are very grim if hackers want to use this to gain access to my online mail order dog food account.

This was eye opening. Thanks

My first thought when clicking this video is flashbacks of sorting through unsolicited bug bounty emails at work. So this was nice to not hate watching.

YESSSS I really want one of these and I reaaaally hope this brings the price down

Apple response: "No, YOU'RE wrong because you're trying to make MacOS behave like Windows, which doesn't have this problem"

Thanks for the quality information. Remember to stay hydrated ❤

Seems like we’ve really passed our “Jurassic Park Moment” in computing. We’ve devised systems of such incomprehensible complexity that it is certain that these types of bugs exist and the inevitable conclusion is that eventually some bug like this will lead to some significant hack. Like a 9-11 level event that changes the world situation forever.

when researchers found goverment's backdoor