Apple’s M-Series security – promises ≠ perfection

“GoFetch” is in the tech news cycle this week.

Hopefully you know whether you have an Apple M-Series Mac. The M-Series (aka Apple silicon) computers brought better performance and energy efficiency. How about security? Faster data pipelining (via so-called optimizations) is tricky. Obscurity’s no guarantee (like, really, the front door key’s not in a nearby flower pot, eh).

This article (below) provides an overview of the situation (and references for more technical detail). The author uses a car safety analogy to frame advice for the latest security vulnerability. No need to panic (and there’s no recall, like for a car).

Hopefully most people understand what encryption is – how it keeps our data and communications safe. Like spy-versus-spy stuff, eh.

• PC World > “Apple’s unfixable CPU exploit: 3 practical security takeaways” by Alaina Yee (Mar 22, 2024) – After Intel’s and AMD’s past vulnerabilities, Apple’s vulnerability demonstrates that security is a dynamic goal.

As reported by Ars Technica, this security flaw allowed academic researchers to pull end-to-end encryption keys from Apple’s processors, using an app with normal third-party software permissions in macOS. Called GoFetch, the attack they created works through what’s called a side-channel vulnerability – using sensitive information discovered through watching standard behavior. It’s a bit akin to observing armored-car guards carry bags out of a business, and valuing the contents based on how heavy they seem (e.g., gold vs. paper cash).

… you should create a multilayered approach to protecting yourself, … Think of it like a car – we know that car crashes happen, with deadly results. Over time, we’ve mandated seatbelts, upgraded materials to have better force absorption, standardized airbags, switched to anti-lock brakes, devised proximity detectors and audio warnings, and more, all to improve safety.