Come learn C so this doesn't happen again at lowlevel.academy (there's a SALE)

@peppybocan

2 ай бұрын

should I buy a new mac?

@negativeseven

2 ай бұрын

C, the notorious bug killer

@oniimaxxxx6479

2 ай бұрын

Fix your website first

@macgyverswissarmykni

2 ай бұрын

​@@negativesevenIt's the safest language out there

@mmkamron

2 ай бұрын

@@oniimaxxxx6479 🤣🤣

always terrible when researchers accidentally stumble upon your NSA backdoor :(

@isbestlizard

2 ай бұрын

As they say, when one door closes, another one opens...

@ereder1476

2 ай бұрын

​@@isbestlizard ... And hit your balls ...

@TomNimitz

2 ай бұрын

NSA be like "Damn, we've been outed." ISIS and others be like "Time to switch to Lenovo." China be like "Sounds good. More data for us."

@arthurdent5357

2 ай бұрын

It doesn't close though, since it's unfixable.

@brianhirt5027

2 ай бұрын

Nah. NSA prefers it's math nerd probablistic cracks. Nobody but NOBODY at the NSA interested or capable of doing field work. If this fault is only locally accessible you can count NSA out of the running to take advantage of.

The only hard things in computer science are naming things and cache invalidation.

@Jeremy-rg9ug

2 ай бұрын

I like this variant: The two hardest things in computer science: naming things, cache invalidation, and off by one errors

@cinderwolf32

2 ай бұрын

​@@Jeremy-rg9ug And cache invalidation

@theninjascientist689

2 ай бұрын

That's just a 0 indexed array

@theninjascientist689

2 ай бұрын

conditions and race

@traywor1615

2 ай бұрын

@@cinderwolf32 I think we forgot cache invalidation.

0:15 "It is unpatchable unless you literally go to the store and get different CPU..." If only it can be a thing with Apple

@no_name4796

2 ай бұрын

"Oh you want a safe cpu, without any (found) vulnerability? That's gonna cost you 2000$ for a mac, thanks!"

@Eutropios

2 ай бұрын

Unpathcable?

@David_Box

2 ай бұрын

@@no_name4796Nah, Apple would try to spin it like it's a good thing: "In accordance with the fact that we truly care about our customers, we've generousely decided to offer separate replacement cpus for the price of a whole new pc, just for this occasion. (official replacement procedure costs 7 grand extra)"

@Spiker985Studios

2 ай бұрын

@@Eutropios Meant to be unpatchable

@nefrace

2 ай бұрын

@@Eutropios thanks for noticing my typo (:

The CIA must be really broken up about this getting discovered.

@phillippereira6468

2 ай бұрын

how do you know what they use

@andrewferguson6901

2 ай бұрын

@@phillippereira6468 apple patched it pretty quickly with the m2, right? Seems reasonable that it was discovered and addressed in private in the interest of national security

@numb0t

2 ай бұрын

Apple is trash anyways

@geekswithfeet9137

2 ай бұрын

@@andrewferguson6901 it’s not patched, I don’t know where you’re getting that information

@toddmaek5436

2 ай бұрын

@@andrewferguson6901 maybe it was placed there to begin with "in the interest of national security"

Computer architecture is so much more complicated than most people realize, even many programmers. I remember in college learning about concepts like superscalar pipelining and micro code for the first time. It still fells like there was always something new and complex to learn about computers.

@Bob-em6kn

2 ай бұрын

So true. And most of the time, they are not important until they are.

@delarosomccay

2 ай бұрын

I was so proud of building my first CPU and ISA in an EE class I was taking in the 90s. Then I learned about superscaler pipelining and micro code, and realized I knew nothing :P. My little ISA and CPU is an Arduino at best :P Still though, I love this job. It helps to understand how things work under the hood when writing code.

@jbird4478

2 ай бұрын

@@delarosomccay Yes, it helps to understand how things work under the hood to some extent, but modern CPUs are mindblowingly complex. For programming it helps to grasp the bigger picture of it, but the details are honestly way above my skill and paygrade to understand.

@BrandyBalloon

2 ай бұрын

@@jbird4478Back in the 80's, I was able to understand in detail how every part of my computer worked. In the 90's the details started to become challenging. Anything made this century I have no chance, it's hard enough just at a conceptual level.

@TheAwillz

2 ай бұрын

Yeah tbf the levels of abstraction are wild

One of the guys who discovered Meltdown/Spectre is my Prof at University

@LowLevelLearning

2 ай бұрын

Niiiiiice

@maximilianstallinger735

2 ай бұрын

tug student spotted

@veis2208

2 ай бұрын

@@maximilianstallinger735 😂

@LolSalat

2 ай бұрын

you're at CISPA or Graz? xD

@tstahlfsu

2 ай бұрын

Woah!

In the description: Reeking implies that it smells, wreaking is the word you were looking for.

@afrofantom6631

2 ай бұрын

it does reek cause this is some bullshit

@noth1ngnss921

2 ай бұрын

Yep. I think he might have confused 'wreak' with the figurative use of 'reek' (ie. ”This reeks of [a bad thing that might not smell in the literal sense]”).

@pah967

2 ай бұрын

maybe he meant its a stinky bug

@anon_y_mousse

2 ай бұрын

If enough people keep making this error they'll just change the dictionary. Sad.

@walrusmedia924

2 ай бұрын

It does reek because this code smells

Knowing stuff is cool, but being able to explain it to others is the real talent. You managed that on a very complicated topic. Very impressive. Very well done.

@Tech-geeky

Ай бұрын

but if he didn't understand what was talked about either, its just nonsense. Perhaps its more "I know, but let you read it yourself because if I explain it, will go over everyone's head; ...or could just be he has no idea:)

This reminds me of that one time on the oldest anarchy server in Minecraft when some nerds found out you could punch a block anywhere in the world to 1) see if that chunk is loaded, and 2) see what type of block it is. Well turns out by comparing what chunks are loaded and when against when players log in and out, you're able to figure out which group of chunks is from what player, and track everybody on the server in real time. Then through a long series of punches in those areas, you're able to reconstruct an entire base block for block. Getting all the memory of a process by listening closely to see how long each operation takes reminded me a lot of that.

@pawek02

2 ай бұрын

is there a video about it?

@keent

2 ай бұрын

@@pawek02 yep there's a good documentary about it but forgot the title and channel

@mz7315

2 ай бұрын

@@keent its called fitmc.

@iwolfman37

2 ай бұрын

Just say 2b2t, everybody knows it, it's not a secret

@HunsterMonter

2 ай бұрын

@@iwolfman37 The meme is that everyone refers to 2b2t as "the oldest anarchy server in Minecraft"

"...constant time programming..." Decades ago, there was a game (something with ghosts in a graveyard ?) for the Z-80 based TRS-80. The game was designed so that an AM radio, placed next to the computer, would pickup RFI in the form of the game's musical soundtrack. Yes, the programmer(s) embedded music into the RFI based on intentionally non-constant time programming.

@stringlarson1247

Ай бұрын

I remember those days.

@user-em8ip9ys9z

Ай бұрын

I used the TRS-80 when I was 13. My middle school bought a few of them and would let students sign up to take them home over the weekend. The ROM had a BASIC interpreter and supported a cassette tape player for mass storage. I never tried to do assembly code for the thing, but I understood that the games I played were written in assembly/machine code.

To me the thought that people actually even know how the cpu works is unfathomable, but then there's people who want to abuse it that know even more.

@vincentlemoine3830

2 ай бұрын

You need people who know how to make them to begin with

@Freshbott2

2 ай бұрын

Often the people who find CPU vulnerabilities are people who design them

@zackbuildit88

2 ай бұрын

Most CPU stuff isn't really that hard. Really, the only hard thing about CPUs is the fact that they're all made to use X86 these days, and X86 specifically is RIDICULOUSLY overcomplicated

@Freshbott2

2 ай бұрын

@@zackbuildit88 maybe for something like RISC V, but for any mainstream ISA including ARM it’s just absurd. Jim Keller’s own words - the ARM instruction set is just unfathomably complex.

@rakasaac2197

2 ай бұрын

I mean, ask any random Joe on the street how a CPU works and 99% of them won’t give a sufficient answer.

As an apple developer I would like to state that there are much more then 1 unfixable bug on apple computers.

@WinstonSmithGPT

2 ай бұрын

As an Apple user I would like to state that is very obvious.

@patrickday4206

2 ай бұрын

What you mean Apple hardware isn't perfect??? 😂😂😂

@alcapoontangmooseinthepoos2310

2 ай бұрын

ok nerd

@nathantaylor2026

2 ай бұрын

Y’all do some weird stuff, I reverse engineer macOS on a regular basis for fun Some of the stuff you guys do is odd to say the least

@697_

2 ай бұрын

@@nathantaylor2026 said the guy who reverse engineers macOS for fun

In 4:16 you said you would link the paper you are referencing, but I cannot the see the url, I guess you forgot it. Please could which paper it is?

@LowLevelLearning

2 ай бұрын

Fixed sorry

@JinskuKripta

2 ай бұрын

@@LowLevelLearning thanks sir

Someone at my university was working on a side channel attack that would measure the fluxuations on a power rail of the processor and use that to eliminate possible attempts at crytographic keys. Wild stuff.

@lbgstzockt8493

2 ай бұрын

Power based side channel attacks are really "common", it's part of why secure programs sometimes use branchless programming so you can't correlate power draw and process state as easily.

@catcoder12

2 ай бұрын

It's quite common. Over the air power analysis is also one way

@scootergirl3662

2 ай бұрын

Side channel attacks are cray cray

@illegalsmirf

2 ай бұрын

that's interesting, I thought uni was only for people with nose rings, neon-colored hair and 'right opinions' on gender and social justice

@averdadeeumaso4003

2 ай бұрын

@illegalsmirf Those you mention are in the "humanities", this is on the "Exact" department

Apple's response: People need to learn to hold their CPU the right way.

@FLMKane

2 ай бұрын

Tracks

@bob_mosavo

2 ай бұрын

Exactly‼🤣🤣😂😂

@josephbenjamin6426

2 ай бұрын

🤣🤣🤣 Classic…

@markhathaway9456

2 ай бұрын

User: I tried holding the rabbit ears different ways, then I shook it and tapped on it, but what really worked was when I crushed it with a hammer. No more bugs. Apple dweeb: Oh yea, we've heard that from some other loyal users too.

@user-hp3id9lg6j

2 ай бұрын

It's a feature.

Remember, is not a bug, it’s a feature. An NSA feature

@Tech-geeky

Ай бұрын

just about everything is. or maybe people are are in denial..... You choose.

@inverlock

Ай бұрын

NSA doesn’t need this LOL

@Tech-geeky

Ай бұрын

​@@inverlock Correction.. NSA has not mentioned it, so the *assumption* is "they don''t". There is no truth to that, but there is also no true they don't either.

Developers of cryptographic libraries can either set the DOIT bit and DIT bit bits, which disable the DMP on some CPUs. Additionally, input blinding can help some cryptographic schemes avoid having attacker-controlled intermediate values, avoiding key-dependent DMP activation. So while it not “patchable” You still can prevent it.

@yukinoryu

2 ай бұрын

But at what cost? :)

@tezcanaslan2877

2 ай бұрын

@@yukinoryu maybe a slight performance hit?

@daasdingo

2 ай бұрын

That bit only exists on M3 and Intel 13th gen. It does not work for M1 and M2. For these, input blinding seems to be the only mitigation, at least according to the exploit's website. However, it seems that input blinding might not work for all cryptographic algorithms (at least the website seems to imply that, if any experts could clear that up, would be great!)

@jasonthomashorn4794

2 ай бұрын

DOS the CPU to force it to only run when blinding is off. It would take longer to peek the key but doesn't fully stop it.

@KimeeZM

Ай бұрын

​@@daasdingo I believe you're correct. The DMP prefetcher is only available in apple M and Intel Raptor Lake (and likely upcoming chips from more manufacturers). The DIT bit which is supposed to disable DMP on the apple M1 and M2 is non or mal functional, which means that the these chips need input blinding code. M3 and Intel can use the bit to avoid DMP.

I feel like the description given of constant time programming is missing something. If memory accesses are forced to take exactly the same amount of time no matter what, then surely the cache would be removed entirely, since even if something was in the cache, the CPU would have to wait as long as it WOULD have taken to get it from anyway to ensure the operation is constant time, no?

@maddoggLP

2 ай бұрын

That was my thought too. If the cpu needs to pretend the cache hit took as long as a memory fetch then why bother in the first place

@ericelfner

2 ай бұрын

Description was incorrect. I asked my son the same question. It is _much_ more complicated... It involves the malicious code predicting cache locations used, filling those with own values, then seeing if overwritten by using the access timing, and probably much more that he left out or I could not absorb...

@Howtheheckarehandleswit

2 ай бұрын

@ericelfner That describes the problem that constant time programming would solve: if cache hits and misses take the same amount of time, then you can't get any information out of dumping part of the cache and then timing other processes to see if they access it. My question is, if constant time programming makes them take the same amount of time, why have a cache at all? My guess is that there's probably some specialized set of constant time operations that are very slow but can be used with extremely sensitive data, in addition to the normal variable time operations, but that wasn't explained in the video, which I think it should have been

@broski40

2 ай бұрын

@@ericelfneryes!! also bleeds into any Iphone nearbye. Its a big problem as it destroys your logic board by writing over ssd so much. I have a 2021 imac m1 that has had 3 logic board replacements(they paid $700/board). also that its not a bug it is a feature for some, very unsafe feature!! my first mac and iphone because i thought they would be a little more safer then others....wrong again! Good day sir + smart son!

@jordanrodrigues1279

2 ай бұрын

​@@Howtheheckarehandleswit Unfortunately those instructions don't exist, and because of the way memory modules work, they *can't* guarantee constant time to a high degree of precision. There's a complicated shuffling of so called "physical" addresses to the actual physical circuits. This is done for load-balancing reasons and possibly to mitigate row-hammer attacks. There's also a timing interaction between addresses and memory refresh commands. So what programmers do is: don't allow sensitive data values to determine the order in which memory accesses are requested or the addresses they use - just like you don't allow that data to influence branch instructions. We *know* this isn't completely watertight. Intel in particular has data dependent prefetch and there's no way for a normal application to turn it off. (It's possible for something in kernel mode to configure regions of memory without cache - very slow, accesses do go straight to the memory controller or IO interfaces. In practice this is used for control registers that belong to peripheral devices. Still isn't 100% constant time because those read-write operations pass through different clock domains, different bus protocols and whatever kind of IO queuing and reordering that implies.)

I'm thinking that this is three or more orders of magnitude below where my main concerns lie. I'm still trying to figure out how to bypass the ads on KZread.

@Rocksaplenty

2 ай бұрын

Brave browser works seamlessly on mobile and on windows.

@dsmb9296

2 ай бұрын

uBlock

@D.von.N

2 ай бұрын

Brave browser.

@kylespevak6781

Ай бұрын

I haven't had them for years 🤷

@ratedRblazin420

18 күн бұрын

Adblock lmao, and Revanced for Android

if it is a requirement that the timing of a cache hit is the same as a cache miss, the cache has no effect and can be skipped

I like how his shirt says "everything is open source if you can read assembly" 😂

@pah967

2 ай бұрын

well.. technically .. yes

@natescode

2 ай бұрын

Assembly is rarely the source code though

@eksortso

2 ай бұрын

Which is wrong. Just because you can read the source doesn't mean they'll let you use it. Seriously, I hated the shirt so much that I stopped the video after reading it. (I'm watching it again for the first time now.)

@arjundureja

2 ай бұрын

@@eksortso Open source doesn't mean it's free to use either, it depends on the license.

@Blitterbug

2 ай бұрын

@@eksortso Way to deliberately misunderstand a sentence. It means, 'as opposed to secret, commercial, closed-source projects like Windows'. It obviously doesn't mean you get to use reverse-engineered coder as if it's FOSS. Gah!

Last time I was this early I didn’t have kids

@PythonPlusPlus

2 ай бұрын

Congratulations?

@rya3190

2 ай бұрын

Do you have kids now?

@Arch-Propagandist-Sage

2 ай бұрын

You are the fastest man alive sir.

@Horopter

2 ай бұрын

Bro is flexing his one pump chump pull out game. 🎉😂

@NeunEinser

2 ай бұрын

Are the kids now grown up enough to get their own home?

Just looked it up, looks like the iPad Pro 12.9-inch and iPad Air use the M1 chip. Now we're one step closer to jailbreaking them!

this channel is by far one of my favorite channels on youtube! Good work, mate! you are awesome!

This is retro computing at it's peak. Disasters i had long forgotten about, brought back to be enjoyed by a younger audience. So nostalgic, so nice of them shelter bugs that were about to go extinct, those poor bugsies.

@brandonhoffman4712

2 ай бұрын

So you forgot about specter and meltdown? Ever heard of stuxnet? If not check out how America might have (never claimed guilt) stifled Iran's nuclear program for years.

This is literally Apple's version of the Death Star's exhaust port. To me, this seems far worse than is casually suggested - your cryptographic keys could be leaked by a simple process executed locally.

@Skullet

Ай бұрын

Not just Apple, this also effects 13th gen Intel CPUs.

Really cool when you jumped on a call with Prime & talked about this topic- hoping that will happen again in the future 😀

I have a many years of infosec experience, and I just want to commend you for doing an excellent job of explaining complex bugs so that they are easy to understand. 👏 Glad KZread recommended your channel. I'm sub'd now! 😀

So, can we have a tool allowing the backing up of the keys from the M1, M2 and M3's before something goes wrong so the flash data can be decrypted in case of recovery? Nice...

tbh if cache adheres to the constant time programming rule, then it's better not to have cache

@erikkonstas

2 ай бұрын

Yeah what I was thinking 😂 but shh their marketing overlords would have a Meltdown (hehe) over this...

@arthurdent5357

2 ай бұрын

But what about the backdoor then?

@AlexPerat

2 ай бұрын

*if the entire cache adheres. That's why some parts do and some don't. The fact they didn't do it at the point where they should have is the reason of this vulnerability

This was a great explanation which helped clear my doubts around how this was different from Spectre and Meltdown attacks on Intel chips from the past. Thank you. Just subscribed, hoping to learn and appreciate the world of IT a lot more with you.

Thanks for the video, I was looking 4 info about this matter and your video is quite straightforward, subscribed :)

It's 'funny' to me when companies (e.g., Apple) shrug and say there's nothing to worry about - because you have to have physical possession of the machine in order to do the hack. Except all you need is to be able to run software on the machine, which can be done remotely from anywhere in the world. This reminds me of a time (surely patched by now, though it'd been years unpatched already before I learned about it; I've been on Linux for decades) that Windows had a process running on the desktop as local admin - that you could, nevertheless, simply send it key commands as if you were admin operating the UI. They (Microsoft) also said you had to have local access in order to exploit it, and, once again, they ignored anyone who would have a remote desktop on the machine would have access to exactly that. Yes, there are plenty of hacks that require actual physical access to the hardware (if someone nefarious can physically touch your machine, it's not yours any longer!), but to claim anything hardware based is immune from remote exploit shows either colossal ignorance of security - or a willingness to bold face lie to their customer base. Knowing how many security experts are at Apple, I'm going with the latter.

that's old school hack, you younglings crack me up

This conversation is deeply interesting! I remember the time I used to program in Assembly. Great thoughts, btw!

heard the phrase "side-channel-attack" some two years ago during my undergrad. never googled it to find what it is, thanks for explaining :3

@man_in_space

Ай бұрын

I remember first hearing it in 2010 for the _TRON: Legacy_ ARG. It was kind of implied that you trying to find Flynn by participating in one let CLU find out about the outside world.

Extremely interesting! And detailed, with a lot of pedagogy (lowering stuff to the lewel of the audience). THanks.

@Tailspin80

2 ай бұрын

…and by using a word no one has heard of simultaneously showing your audience they are lower.

@jimgardner5129

Ай бұрын

Not low enough for me. Still working on "2 + 2 = 4."

@dragoons_net

Ай бұрын

@@Tailspin80 Yes we are, at least me, this watching to learn, big time!

@dragoons_net

Ай бұрын

@@jimgardner5129 ASM...

Explained a complex problem super super well. Well done.

@brandonhoffman4712

2 ай бұрын

And now we need a super super Mario!

My first thought when clicking this video is flashbacks of sorting through unsolicited bug bounty emails at work. So this was nice to not hate watching.

If all that's required to access the side channel is for the listener to be running on the same computer, how does that require physical access? All someone would have to do in the hardest case is convince the user to install the listening program.

@arofhoof

2 ай бұрын

This, it seems this attack doesn't need physical access? can someone confirm?

@spotlight_is

2 ай бұрын

this sounds scary, allowing for existing apps to upgraded automatically that would listen in via osx caching api + timers/custom cleverness.

@M0du5Pwn3n5

2 ай бұрын

It doesn't. This is a catastrophic vulnerability and it is wildly irresponsible to say "rest assured". You should not rest remotely assured. Any executable running on your machine can steal crytographic keys from any other process. Download a game from Steam? Screwed. Download a tool? Screwed. Does anything on your PC autoupdate? Screwed.

@DDracee

2 ай бұрын

the attack itself is "easy", the harder part is getting that info back to the attacker, which in that case would require the same sort of malware as usual anyway

@spotlight_is

2 ай бұрын

@@DDracee all corporations are saints with honor

What's funny is the fix for all of these side channel attacks it's extremely simple, it's just that nobody thought about it before: a simple CPU flag to enable/disable constant time operations on a per-operation basis. That's it. If the CPU had this, then in code you could target very specific code where it wasn't safe to optimize the cache, like cryptographic functions, but everything else can run fully optimized. If the CPU can mode switch fast enough it also enables less secure but still potentially effective solutions like randomly showing down 5% of cache hits on an operation where you need 100% accuracy to work properly, like encryption/decryption.

@stevenlynch3456

Ай бұрын

That is exactly what I was about to comment. If you add in enough randomness to where statistical tests can't tell you anything about the likelihood of thisTime corresponds to a multiply and thatTime corresponds to an add, then you've effectively solved this time-to-compute vulnerability. Also, I've heard that that bit exists. It's called a Chicken Bit because it's a bit that you purposely turn on in order to avoid something else (in this case, avoiding faster execution and therefore avoiding the vulnerability). I read about it on Sophos's website I think.

typo in description. *wreaking havoc. "reeking" means smelling like something.

@JasonKaler

2 ай бұрын

smells like a bunch of bad apples.

@markhathaway9456

2 ай бұрын

@@JasonKaler Smells like BoeingMAX.

This is an excellent video. Your explanations are so intuitive (despite my lack of comp arch stuff)

Been talking about physical layer exploitation for years. It has the ability to disrupt the entire manufacturing and distribution process at core layers that literally cost billions of dollars to fix

Heard you in ThePrime yt clip. I love that he credited your Twitter but not your yt channel.

Boy, Apple is just having more and more problems this week

@tylerdurden9083

2 ай бұрын

Every CPU has some sort of this vulnerability, it's not just Apple. And the frustrating part of this is it is very hard to fix without affecting performance!

@fishyc43sar

2 ай бұрын

​@@tylerdurden9083except in case of other manufacturers, it's easier to apply fixes etc.

@SimonVaIe

2 ай бұрын

​@@tylerdurden9083 well no. Many had this issue. Years ago. Right now it's apple who put old known bugs in their new architectures.

Another example (if possibly an apocryphal one) is that supposedly US government buildings will have spikes in nighttime pizza orders in the leadup to military operations since the people overseeing it will stay up waiting for updates.

@4thGradeReadingLevel

2 ай бұрын

Anyone else have to read this a couple of times to understand that there weren’t physical spikes being put in pizzas, just an increase in number of deliveries?

@Biosynchro

2 ай бұрын

The Manhattan Project could have been compromised because all of a sudden, all these scientists were changing their mailing addresses...

@dstarling61

Ай бұрын

I’ve burned my mouth on pizza before, but I’ve never encountered spikes in my pizza. It must be painful. 😂

“Where there is a will, there is a way”

Sadly, fixing this sounds like it will slow down cpus.

@JSiuDev

2 ай бұрын

Linux has boot option to disable those fix. But Apple don't. I recall my iMac actually slow down after those meltdown fix went in.

@brandonhoffman4712

2 ай бұрын

Only apple cpu's, in this case.

@JSiuDev

2 ай бұрын

@@brandonhoffman4712It was am Intel iMac. I am not sure if current M1/M2 cpu has those mitigations.

Your channel is really interesting!

Love that shirt I must have one! It is quite the exploit as side-channel attacks are pretty foreign to me.

I just learned about cache memory in uni and this was so interesting, great video!

Microarchitectural attacks are a very fascinating area of attacks. Unfortunately, the way they are presented in media is often very inaccurate and frankly, contains a lot of straight up factual errors. I get that it is hard to understand such vulnerabilities especialyl without a background in computer science. But sometimes I wish the reporters would try to understand what they are reporting on before writing an article. In the past, people trying to actually understand how such vulnerabilities worked had to read though the paper and try to understand it. A very high barrier of entry for people interested in such topics. Luckily, researchers tend to put out more high-level (but factually accurate) descriptions for many vulnerabilities in recent years. And, quite a few KZread channels covering such attacks on a deeper level than mainstream media whilst still being "noob friendly" have gained popularity. As a researcher (who is quite new to this field and to research in general), this leaves me very excited for the future, as more and more people interested in this field can find actual information and educate themselves.

@BillAnt

2 ай бұрын

Remember a few years ago the Bit-Banger attack on Androids exploiting RAM? Chip design in the future will have to include protection against these attacks.

This video was awesome besides the fact that the "if" on your shirt is the only non color-coded word on the shirt despite being the most commonly used.

This hugely underplays the impact of this bug in my opinion. In plain language, it means that we're back to any kind of installed program that contains suitable malware (however it chooses to fetch and execute it) being able to compromise everything on your machine and by virtue of that, providing a gateway to the network you are on. How hard is it to get people to install malware? Not very. How difficult it uncommon is it for organised criminals/state actors to release useful free software who's real purpose is to gain machine access? Not very.

Just one correction, the thing that we want are actually the “maybe” addresses themselves. Because on a cache miss, the information about which address was accessed is actually accessible that is the core design flaw. Since the addresses are now visible, we can try to “train” the speculative execution engine to prefetch for many signatures of data that looks like addresses, and when it does we can look at the fetch information to see what was the address (which is actually data in the cache), we dont really care about what is being fetched from ram.

😂😂😂Apple developers solving 5 hard Leetcode problems to ship a patch

I love episodes like this

Love your videos You was the first time where I saw some concept of assembly language on youtube. I saw some one teaching some sauce on KZread

@brandonhoffman4712

2 ай бұрын

I speak the language of assembly everyday! On Monday I demolished an exterior landing and began re-assembling it, sloped for code. Yesterday I finished the framework. Today I'm installing backerboard and a waterproofing/anti fracture membrane. Then the venetian tile. My assembly language is so good a hacker would have to show up on site with heavy duty hacking tools! You would probably catch him based off the noise he was making while hacking away on my work!

adding delays is also how they stopped crashes & ddos attacks online in the early days

Cash is king after all.

@piedpiper1172

2 ай бұрын

Cache is king* It was right there man

From what I have seen, this is not a physical access attack.

@cattleco131

2 ай бұрын

That’s right, but what he meant was, you must have access to run code on the machine first. This particular vulnerability doesn’t give you remote access.

People make fun of mainframes, but MVS solved this problem 45+ years ago of having storage protection keys and different types of access lists between individual process regions (address spaces as they later called them).

Hey, this is great! Thanks for talking at such an accessible level.

If your cache doesn't speed up your processor, you shouldn't have cache. It's such a difficult and frustrating thing to navigate cause the simple solution is just crap.

@surewhynot6259

2 ай бұрын

Cache isn't about speeding up the processor... It's about speeding up memory access, which speeds up code execution. The code itself is what determines how much of an effect cache has, not the processor.

@Finkelfunk

2 ай бұрын

L1 Cache can be accessed instantly, L3 cache already takes 21 clock cycles to access, RAM takes at much as 1ms. This doesn't sound like much until you realize thst a single clock cycle on a 5Ghz CPU is 0.2ns. Your PC would feel like a Commodore 64 without cache.

@danielbriggs991

2 ай бұрын

I think the point of confusion here stems from when it was said that "most processes adhere to constant-time programming." This perhaps makes it sound like they removed most of the cache fetching-vs.-failing variability but I think that in the case of actual fact they just underscored which opcodes use it and put in the processor's instruction manual "use these only if you'd like to admit time variability in your process." In terms of actual use, almost every program *will* use these almost as much as it did before, but e.g. encryption programs won't. Anyway, that's my takeaway after puzzling about this same issue. Someone who actually knows should weigh in.

@cinderwolf32

2 ай бұрын

Yup, I am aware! Constant time programming is a software technique, not a hardware technique. I found it to be slightly misleading how it was mentioned in-context in the video. While secure software can be written using constant time programming techniques, that can't be used to mitigate this issue on the hardware side, since it would involve also mitigating the effectiveness of cache and the CPU would have to wait around for memory all the time. (Or do something like speculative execution, which can also run into this issue.) The multiple levels at which security needs to be analyzed is why FIPS certification is so stringent even about the operating system and hardware a software package runs on.

@user-kf3rm3gd5j

2 ай бұрын

@@danielbriggs991 I don't know if you are correct. But I know what you said is far more reasonable than the other statements made here. And you even qualified your answer. You are a refreshing change from normal commenting behavior.

I'm such a noob at programming, but I love watching your videos. Almost everything you say goes over my head and you legit seem like a wizard to me. So the fact that this flies even over your head, I can't even fathom it. I am usually inspired to get better when I see better programmers than me, but sometimes when I see people who are such badasses on a whole other level, it kind of demotivates me because it doesn't seem like it's possible for me to ever get even half as good. Anyways, this bug sounds insane!

@cubbyhoo

2 ай бұрын

Know that it is possible! You've just got to keep going. I mean he even says, he doesn't understand all of it! No one finds it easy and everyone has been exactly where you have been with programming. Just keep going and focus on the fundamentals

Thanks for explaining something that was incomprehensible previously

I love side channel attacks, they are always so interesting and ingenious. Sometimes they can literally look like science fiction like the acoustic or electromagnetic ones.

The way this side channel vulnerability takes advantage of the difference between operation speed in branch prediction, reminds me of a bug mentioned in EVE Online lore. There is a way to use a ship equipment module called a data analyzer to gain information regarding when a player owned space station becomes vulnerable to being attacked and destroyed by other players. The description of this module mentions branch prediction vulnerabilities in something called a recursive computing module, which basically is the Eve Online version of a CPU for a space station.

It can probably be mitigated by a software update, just like meltdown or specter. There is no way that apple replaces all these devices.

@U20E0

2 ай бұрын

From what i know, a process can just stop DMP from reading its memory by setting a flag.

@oberpenneraffe

2 ай бұрын

​@@xE92vD It can be prevented by simply disabling DMP. This will cost some performance. Fun Fact: You can't "adjust the CPU's internal hardware" after the hardware has been delivered. So Apple will have to rely on software to fix this.

@oberpenneraffe

2 ай бұрын

@@xE92vD I wrote it probably can be mitigated. Mitigated != patched, but it will prevent the vulnerability from being exploited.

@fulconandroadcone9488

2 ай бұрын

@@oberpenneraffe with fuses you can remove functionality

@daasdingo

2 ай бұрын

@@oberpenneraffeNo, this is only possible on M3 (the bit to disable the feature)

Great explanation! Thanks for making this video!

I heard you on the Prime video. You know your stuff! How somebody discovered this is beyond me.

when researchers found goverment's backdoor

M1 chip was released two years after Spectre and Meltdown...

@daasdingo

2 ай бұрын

I can imagine the design was probably finished already when these came out, the timelines for new chips are loooong.

Some friends of mine think I'm a tech wizard because I can do a bit of programming, networking and administration stuff. When I try to tell them that I'm barely scratching the surface, this is the kind of stuff I'm thinking about. Computer science is madness.

So for password hash checks, have a pass/fail flag, and a dummy flag, and set them both to true. Loop through the entire hash, checking it against the has of whatever was entered. For each match, clear the dummy, and for any mismatch clear the pass/fail flag. Code these two paths so that they take the exact same amount of time. Always check the entire hash, even if the first character of the hash fails the check. Return the pass/fail flag. The result is that password checks always take the same amount of time, no matter how closely or badly the password matches.

This was eye opening. Thanks

well, a local bug like this one is good when you need to recover data from your machine when you need to fight the laptop's security.

You can either have fast or secure, pick one

always amazed at cache/tlb/memory exploits...very deep rabit hole to dwelve into

as someone who owns apple hardware and works in IT....shrug. we live in a time where there are vastly more trying to find the exploits than work on the design teams, so there will only be more and more of this. I've patched millions of CVEs in my job, but John and Lisa in marketing are the ones that have gotten us hit with something.

@lenerdenator

Ай бұрын

It's amazing how far you can get with a phishing email. Re: the Apple silicon bug... meh. So you've gotta have physical access to the machine, and want to peer into another process' secrets. I'm not sure if that's another Spectre/Meltdown, exactly, but if it is, this is far less of a big deal, because the point of those vulns was that they existed on processors that power the vast majority of the world's cloud computing servers, meaning there's a real chance you're sharing the machine with someone else. Very, very, very few Macs host cloud servers.

Thanks for the quality information. Remember to stay hydrated ❤

@LowLevelLearning

2 ай бұрын

Hey thank you for watching! Always hydrated lol. (there's water in coffee)

The prefetch optimisation is not available on M1 or M2 efficiency cores, and the M3 has the ability to disable the optimisation. So, while the research is worthy of great respect and a Phd grant or two, this is not the end of the world. Crypto code can be bound to efficiency cores on M1 and M2, and the optimisation can be disabled for anything that may leak key on M3. When KZread offered this video to me my instant reaction was click-bait and reminiscent of the tech press reaction to the researchers press release. But your description of the flaw was pretty clear.

The constant time programming mentioned at 4:55 needs to be emphasized that it only applies to cryptography functions which the paper itself does. A move operation by itself as stated in the video would not run in constant time mode. Thus constant time execution would apply to the example given at 1:50. The paper also presents a solution for Apple to resolve this issue as this exploit only occurs on one of the two processor types. It is not clear if some op codes can be altered to fix this on the main processor cores, though ironically it may very well end up slower on the bigger cores with the patch than the smaller ones. It should also be noted that this exploit also exists on the Intel side of things in at least the 13th generation (and 14th as it is the same as the 13th from a design perspective) of chips per the paper.

CIA backdoor was found too fast, lmao.

When keeping it "It's not a bug but a feature" becomes real

@brandonhoffman4712

2 ай бұрын

Plenty of apples features bug be enough not to buy.

What an incredible unforgiveable fuck up.

Doing some research for implementing a login process for a web application, I read that you should compare the entire string and then return if true or false, so the amount of time to check is always the same

@stevenlynch3456

Ай бұрын

That is a good point, but make sure the functions you use are ALSO constant-time functions. I.e., the code that YOU write may be constant-time, but the implementations of the libraries you use are likely optimized for speed and therefore are likely NOT optimized for security.

Really incredible security research. Love these kinds of things!

Why does this need physical access to a machine, surely this is the same class as Spectre and Meltdown in that you just need to be able to execute code on the target machine, right?

@SileySiley-dh5qz

2 ай бұрын

Any code running locally can exploit this bug, that's my understanding.

@shrootskyi815

2 ай бұрын

LLL said access, not _physical_ access. I assume he meant access to the machine as in access to the processor, as in ability to execute code on it.

A couple things. If a bad guy has physical access to your machine, it doesn't matter what kind of machine it is, or whether it has some new just discovered vulnerability, you've already lost. Second, sounds to me like there are vulnerabilities in any digital password system, just like there are vulnerabilities in any lock. A skilled picker is going to get in, it's just a matter of time, and the amount of time needed is directly proportional to the skill times the determination. If it's a determined attacker and the information is highly valuable, then computer hacking skills may very well fall wayside to actual physical hacking skills, as in hacking off fingers one at a time till the owner coughs up the password. When deciding on how to invest in security, it's wise to assess ALL the factors.

@SimonVaIe

2 ай бұрын

As far as I've seen, this vulnerability doesn't require physical access.

Really awesome breakdown!

This bug requires a very minor fix that's commonly applied on Apple products, the _Buy Another One_ method.

@dunar1005

2 ай бұрын

Developers of cryptographic libraries can either set the DOIT bit and DIT bit bits, which disable the DMP on some CPUs. Additionally, input blinding can help some cryptographic schemes avoid having attacker-controlled intermediate values, avoiding key-dependent DMP activation

@AndrewRoberts11

2 ай бұрын

Apple may push a tweaked copy of CryptoKit, their wrapper, used by many an app, to access the standard crypto functions, to mitigate the issue. Along with tweaking their app approval processes, to scan for any app apparently attempting the exploit. The CryptoKit performance hit should be minimal, while the App approval process should protect the non-side loading majority.

This kind of vulnerability is why I always ask, "why isn't all memory loaded directly into processor adjacent memory?" Why are ram modules separate, when cpus already have multi die, multi component packages?

@marygreen1495

2 ай бұрын

wouldn’t that be really expensive (cache memory is a lot faster but also much more expensive than ram)?

@Roman-sn3kh

2 ай бұрын

Do you mean like, why all the memory isn't in the cache instead of RAM? If so, then it's a high price of cache modules I would guess.

@TrioLOLGamers

2 ай бұрын

​​​@@marygreen1495exactly. Also we have lots of laptops with not soldered SSDs and sometimes even Rams because SSDs can die (it happened to me and others with good SSDs, it is also an higher risk the more you have lower RAM, so higher caching. The bad thing is the way an SSD dies: there is no way to recover... Nand or controller dies... Sometimes you can recover an hdd, but an SSD...)

@framegrace1

2 ай бұрын

You can put the RAM in the same die as the CPU, but that will not improve significantly anything. Cache is not faster just because is inside the CPU. Is a totally different kind of memory than runs 100x times faster, at less than a nanosecond speeds.

@Luiz6247

2 ай бұрын

Like they said above, cache memory is faster and more expensive. But also, they have a faster time responding exactly because they are smaller, this decreases fetch latency. That is the main reason we have not only caches but multi-level caches in current CPUs, instead of having one big cache.

You can only patch software

i read about the bug, and sort of got it, but my god, the genius behind exploiting it is amazing. to even think of it in the first place...

At first it will check the length of the strings and then compare each char

@shadamethyst1258

2 ай бұрын

That's still not enough, you can find out how long the expected password is by trying out different lengths first, and then pad out your attempts every time, which will still be linear complexity

Saw this video 1 hour after it came out. :) Btw, making my own compiled language without LLVM.

Apple to Intel: Hold my beer...