Want early access to new videos and some behind the scenes content? Consider becoming a channel member kzbin.info/door/QvW_89l7f-hCMP1pzGm4xwjoin

Really like the off-the-cuff, unrehearsed style! Came from your more scripted full-length videos and still definitely enjoy those, but this feels like a lecture with someone who is really in their element, and that scratches an entirely different itch.

After watching your video I checked out some of the articles online regarding this. It's funny to read 1) Their different attempts to reword the paper into simpler terms for people to understand, and 2) the level of scaremongering used from article to article - some are very upfront about the fact that this isn't something to worry about right now, while others are very happy to leave you in the dark about if you're safe or not. Great video.

Really been enjoying your content lately, thanks for doing what you do. You answer a lot of questions I had as a kid playing games and never bothered to find out now as an adult in software engineering. A comment on your presentation where you illustrate by hand, this is something I’ve been dabbling with in my team at work and I’ve found that using different colours makes it not only more interesting, and thus more likely for people to follow along, but also easier to separate things or group common ideas, which makes it easier to follow along.

"local": unless i'm mistaken, local access doesn't mean physical access, it means a process running on the machine. (this is in contrast to remote attack, e.g. by sending malformed network packets). local: so an attacker still somehow needs to get code to execute on your machine. * that could be code executed by another user on the same machine. generally a situation In server environments, e.g. on a shared host. * on a client device, that could be another process, e.g. a website, because a browser executes the JavaScript. JavaScript just being an example here. To my knowledge, browsers now all slightly abstract the clock as javascript sees it, so that javascript can no longer do timing attacks. it could also be an app from the app store, that despite having restricted access executes on the same cpu you could say. summary: "local": should not need physical access, but will still need some way to get a user or machine to execute your code.

You are the GOAT. Been watching your videos when u had a few hundred subs and good to see how the channel is growing

Great video. It's nice for someone to go a bit more into the finer details of the attack rather than just harping on "It's in hardware! It's unfixable! Ohmygod ohmygodohmygod, P A N I C!!!111!!eleven!!" part. (Yes, I am late to the party. Been figuratively literally living under a rock for the past few months and am currently catching up on tech news ;) One minor correction though: Being a "local attack" does not mean "requiring physical access". No one needs to sit at your machine for this exploit. They'd only need to be able to run code on your machine, which sets the bar far lower as that could be done remotely, especially if your machine is already compromised (say by being infected with a virus). Hell, there are even ways to run code on your machine without compromising it (JavaScript, anyone?), though those are most likely unsuited for such highly timing-sensitive attacks at this, so I'd assume your machine would need to be already compromised for this attack to be realistically feasible. Still, whether you should be concerned about this attack with your threat model isn't something any article or KZbin video can tell you. Sorry to say, that'd be something you'd have to decide for yourself.

Another killer video Nathan, fast becoming the best (and most entertaining) engineering content on YT. I work in applied crypto. Funny that OpenSSL don’t care as local exploit out of scope, I mean they care enough to implement constant time functions for crypto in the first place and this only protects against local side channel anyway. Also with M3 and above you can use chicken bits to disable the DMP during critical path.

I quite like this format, I'd definitely enjoy seeing more technical deep-dives into vulnerabilities like this. Also yes lattice cryptography is still a big thing in post-quantum cryptography (27:31). In 2022 NIST released 4 quantum-resistant crypto algorithms and three of them were based on lattice cryptography

Half the time i have no idea what your talking about. Sounds like gibberish yet i keep coming back. 😂 Keep up the great work. I like this on the fly kind of video. 🤙

I think you mentioned it right at the end that it could be part of a payload/remote exploit - but what part of the process needs local access to the computer? It seems like you're just running some very unique code for sure, but still just code nonetheless. Regarding the multi hour part, surely you're also fine to scale that back, run it at 10% speed to not be noticed and accept you're going to get a result in a day or two rather than a trip to the movies. I would guess timing would be the most tricky, but I would guess that should just fall down to counting CPU cycles, not hooking up a multi-GHz oscilloscope. I don't know a huge amount about crypto, so excuse my ignorance :)

From my understanding, the M3 chips have the ability to turn off DMP for a performance hit unlike the M1/M2 which do not have this ability. Has anyone heard anything about Apple pushing out a patch to allow users to disable the prefetching just in case?

Love the hands on explanation. Definitely helps me cut trhough the high level stuff which I always have trouble understanding.

Great video Nate , the details and drawings really help me understand what's going on with he M1 chip

I remember a while back PHP hd an exploit similar to this, new functions were added and patched to make them time safe, I have no idea how to phrase that, anyway, thats my personal experience of this type of attack and it's super interesting to see it on a hardware level even though I have zero understanding of whats going on I can follow along, another great vid cheers man.

😳 Excellent review Nathan, thank you for explaining this so well! 👍👍👍

Your explanations and knowledge distillation are exquisite. Thank you very much for sharing!

Well, I'd say the second attacker has a process running on the system itself, physically, all bets are off. That's a total failure of security in that point and it's obvious that it'll fall outside of SSL threat model. The same as if someone has physical access to a switch, then the network security has been breached and all bets are off.

15:50 Wow nice explanation of how can run a function at constant time. It's interesting at the beginning of video, how can use timing to get more info, when it checks each letter in a loop. 👍

There's an important detail missing from the paint example when doing DH key exchange. Although the common paint colour is known to an attacker, it must also be a colour that must not be able to be manipulated by an attacker too.

As a dev I really appreciate your videos, thank you so much!

The article says the malicious code needs to run locally on the machine. Why are you saying that the attacked needs to be physically sat at the computer?

Is game hacking even a challenge to you at that point? Outstanding video! Love all your stuff!

I was just wondering if you would look into this. Thanks for the great explanation

Excellent explainer! I'd love to see more unscripted videos that 'breakdown' whitepapers or like you said, go a little more in depth.

Did you mean arrays are stored contiguously? I hadn't heard it referred to it as congruantly. Just wondering

Dude you really know your stuff!

Great intro and deeper dive! BTW: i think you meant Contiguous instead of congruent.

Interesting Video. I like this format as well.

How this could be unpatchable on M1, M2 and M3 since there is a special bit on M3 to disable DMP ?

I'm only 15 minutes in, but as someone stuck on Windows 10 because of Spectre, I'm not happy knowing my M1 was the computer I bought to replace it... as soon as you started getting into side channel attacks on the CPU cache my heart sank.

Super interesting! (and well explained)

Is just M1 affected or the entire architecture aka A14 (Icestorm/Firestorm)? What about M2 and A15(Blizzard/Avalanche)? A16(Sawtooth/Everest)? A17 Pro?

Can you test that on your Mac?

your videos are gold!

I do not really understand why I would need to be at your computer in order to break these, because all I need is that you are running my program while at your computer - like you can put this in an application or a game silently. I see nothing about this not being able to do remotely - pretty much the opposite.

Would you or someone be willing to make a M Chip vulnerability for dummies video? Explaining it to your granddad if he was interested in buying a new MacBook this month. This granddad has not yet found a video or article yet dumbed down enough.

How do Intel and AMD processors differ from that? Why don't other processors leak or do they?

impressive way to quickly take advantage of recent news props

Say the attacker could crack it in say a minute, what would that give them the ability to do? Don't they already need local access to the PC?

Is it OK if I call you the Froddo Baggens of Reverse Engineering?

Apple be like "let's invent the next Spectre bug"

Your explanation was really great ... Then you did was a lot of apple fan did ... You said "someone needs to be sat 2.5 hours at your machine" ... It is wrong ... Totally wrong and you know it: any application and/or service on the machine, that would have a RCE (remote code execution) flaw, would permit to run the code... And that app / service flaw does NOT even need to have specific permissions on the system: could be your browser, your download app... The answer from openssl is totally normal: since IT NOT there concern ! It is Apple concern and openssl cannot patch it !

Sleep a random number of ms each iteration of char[I] == char. Just to mess with the brute force hackers 😂

don't wanna use an unsafe prime .. what my old man always told me ..

Does this add to the attack surface of the setup app so it can be bypassed? I've a legitimately purchased activation locked M1 Macbook Pro that Apple simply refuses to unlock even though I provided them with the motherfucking receipt. (It was a company device that was on loan to someone and they RMA'd it & never removed the device from their icloud)

It’s a good video, but the number of adverts is way over the top. For a 30-min video there were approximately 7 ad breaks. It comes across as greedy, unfortunately.

but this poses a real threat for stolen devices, no?

So, one has to be talented enough to pull this off and it’s more difficult remotely?

Sounds like this would be a bad time to get your m1-m2 stolen lol

People are hyperventilating about this because they are worried about their private keys being stolen and then they lose or their crypto. And say things like don’t connect to a public WiFi under any circumstances. And giving every M1 user the impression that they should never buy an Apple computer because the are now fu___ed. However, having watched your great video, it seems that the attack vector is pretty low. How a person might choose to hack somebodies computer to steal private keys is probably more simple. Such as observing the keys entered into the keyboard either visually or remotely. And then just logging in and exporting the private keys. Would you agree that KZbinrs are being way to scare mongering ? And also, is it really impossible to fix ?

In my understanding it was not a mistake…because only programmers can do this.

So what, practically, can this be used to do by an attacker? Break Filevault? Reveal passwords? I think maybe I'm not smart enough to fully understand it entirely. Ha.

whoah sir!

Are t'authors from Yorkshire? (ey up)

Was the thumbnail AI generated?

so this exploit is realistically unusable.

Hello Great Sirs :D

Crash different, total garbage!

:3