Greetings - This is my first post here. I am strongly considering buying an M3 MacBook Air 15 inch to replace my mid-2015 MacBook Pro. However, the stories about GoFetch gave me pause. I know that it is all very theoretical and not an actual threat at this time, but I had two questions to understand the situation better: 1) If ever implemented, would GoFetch steal passwords to any and all of our accounts, such as email, banking, social media, etc.? Is that the nature of the threat? and 2) I have never used Password Managers very much - I don't let them save passwords, I input manually myself (keeps the human memory sharp). If one does not use a password storage system, is the threat from GoFetch diminished, or is something like GoFetch designed to steal passwords some other way? If your passwords are not stored, are you protected more from GoFetch, or is such a practice irrelevant? Thank you for your input!
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
How does GoFetch work?
- Thread starter MacJoy994
- Start date
- Sort by reaction score
Hello,
You really do not need to worry about GoFetch as an average user. It is not about stealing passwords; It's about peeking into isolated data from beyond the process isolation boundary, i.e. data in flight.
It requires that you are running malicious software that can invoke your cryptography function to its heart's content with chosen inputs, or if you speak cryptography, a CPA (Chosen Plaintext Attack). More ideally it can mess around with intermediate values or something but it needs some form of guidance over what it's trying to exploit. It is primarily a risk if you run a server on your machine. In that case malicious software on said machine can snoop on the prefetching of data while spamming the public endpoint with connections with chosen encryption challenges and extract the private key from it even if it should only live in the process space of the server daemon and not be accessible to the program in question.
The issue is entirely orthogonal to the merits of password managers, but I will say this. Password Managers are, in almost every circumstance, more secure and safe than not using them. It is way more likely that a server you've interacted with gets hacked than that your personal machine gets taken over. In the case of a password hash list breach, if you use a password manager, they will get a nearly uncrackable hash that has only been used once. If not using a password manager you will have picked a memorable string that you have probably used several other places, and it's now considered compromised on all those sites not just the one that had a data breach.
But GoFetch does not relate to storage, and as the unlocking of your password vault is a one time operation per use without inputs owned by other processes, it would take a billion years for a GoFetch malware, running on your computer, to get anything out of your keychain.
Also note that Intel chips also have hardware vulnerabilities. Some mitigated, and countless others yet undiscovered no doubt.
You really do not need to worry about GoFetch as an average user. It is not about stealing passwords; It's about peeking into isolated data from beyond the process isolation boundary, i.e. data in flight.
It requires that you are running malicious software that can invoke your cryptography function to its heart's content with chosen inputs, or if you speak cryptography, a CPA (Chosen Plaintext Attack). More ideally it can mess around with intermediate values or something but it needs some form of guidance over what it's trying to exploit. It is primarily a risk if you run a server on your machine. In that case malicious software on said machine can snoop on the prefetching of data while spamming the public endpoint with connections with chosen encryption challenges and extract the private key from it even if it should only live in the process space of the server daemon and not be accessible to the program in question.
The issue is entirely orthogonal to the merits of password managers, but I will say this. Password Managers are, in almost every circumstance, more secure and safe than not using them. It is way more likely that a server you've interacted with gets hacked than that your personal machine gets taken over. In the case of a password hash list breach, if you use a password manager, they will get a nearly uncrackable hash that has only been used once. If not using a password manager you will have picked a memorable string that you have probably used several other places, and it's now considered compromised on all those sites not just the one that had a data breach.
But GoFetch does not relate to storage, and as the unlocking of your password vault is a one time operation per use without inputs owned by other processes, it would take a billion years for a GoFetch malware, running on your computer, to get anything out of your keychain.
Also note that Intel chips also have hardware vulnerabilities. Some mitigated, and countless others yet undiscovered no doubt.
And M3 does have chicken bits that can disable the DMP (Data Dependent Memory Prefetcher - the vulnerable hardware feature) - It would come at a huge performance cost, but in theory it could be allowed that it be turned off during sensitive computation like cryptography and re-enabled on exit.
Thank you so much for your thoughtful reply! I appreciate the details. Just wanted to have a sense of whether my online activities will put me much at risk, especially logging into email, banks, etc. Thanks again.
Sure thing. But yeah. Nothing to really worry about assuming you otherwise practice decently good security practices.
With a masters degree in computer security I gladly do confidential computing on my M1 without worry