
Apple M-Series Chips Vulnerable to Key-Extraction Attack: GoFetch Exploit

A recent discovery has unveiled a security flaw in Apple's M-series chips that could allow attackers to extract secret keys used during cryptographic operations. Dubbed “GoFetch,” the vulnerability relates to a microarchitectural side-channel attack that exploits a feature known as the data memory-dependent prefetcher (DMP). This technique targets constant-time cryptographic implementations, capturing sensitive data from the CPU cache. Researchers from the University of Illinois Urbana-Champaign, University of Texas, Georgia Institute of Technology, University of California, Berkeley, University of Washington, and Carnegie Mellon University discovered the flaw in December 2023.

Prefetchers are a hardware optimization that predicts which memory addresses a program will access shortly and fetches that data from main memory into the cache ahead of time. The goal is to reduce the program's memory access latency. A DMP is a type of prefetcher that also takes the contents of memory into account, based on previously observed access patterns, when determining what to prefetch. This behavior makes it ripe for cache-based attacks that trick the prefetcher into revealing contents associated with a victim process that should be inaccessible.

GoFetch builds on the foundations of another microarchitectural attack called “Augury,” which employs DMP to leak data speculatively. “DMP activates (and attempts to dereference) data loaded from memory that ‘looks like’ a pointer,” the researchers said. “This explicitly violates a requirement of the constant-time programming paradigm, which forbids mixing data and memory access patterns.”

The vulnerability requires the victim and attacker to run as two different processes co-located on the same machine and on the same CPU cluster. The attacker could lure a target into downloading a malicious app that exploits GoFetch. While the attacker and victim do not share memory, the attacker can monitor any microarchitectural side channels available to it, such as cache latency.

In a nutshell, GoFetch demonstrates that “even if a victim correctly separates data from addresses by following the constant-time paradigm, the DMP will generate secret-dependent memory access on the victim's behalf,” rendering it susceptible to key-extraction attacks. An attacker could weaponize the prefetcher to influence the data being prefetched, thus opening the door to accessing sensitive data. The vulnerability has profound implications as it nullifies the security protections of constant-time programming against timing side-channel attacks.

The flaw's fundamental nature means that it cannot be fixed in existing CPUs, requiring cryptographic library developers to take steps to prevent conditions that allow GoFetch to succeed. This could also introduce a performance hit. Users are urged to keep their systems up-to-date.

On M3 chips, however, enabling data-independent timing (DIT) has been found to disable DMP. This is not possible on M1 and M2 processors. “Apple silicon provides data-independent timing (DIT), in which the processor completes certain instructions in a constant amount of time,” Apple notes in its documentation. “With DIT enabled, the processor uses the longer, worst-case amount of time to complete the instruction, regardless of the input data.”

The iPhone maker also emphasized that although turning on DIT prevents timing-based leakage, developers are advised to “avoid conditional branches and memory access locations based on the value of the secret data” to effectively block an adversary from inferring secrets by keeping tabs on the processor's microarchitectural state.
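One way a library could apply the DIT advice above is sketched below in C. This is an added example, not code from Apple or the researchers. The wrapper `run_with_dit`, the `secret_op` callback type and the `tags_equal` sample operation are hypothetical names, and the `hw.optional.arm.FEAT_DIT` sysctl key and the `s3_3_c4_c2_5` encoding of the DIT system register are assumptions taken from general Arm and macOS knowledge, not from this article.

```c
#include <stddef.h>
#include <stdint.h>
#define DIT_BIT (UINT64_C(1) << 24)   /* PSTATE.DIT as seen through the DIT register */
typedef enum { DIT_UNAVAILABLE, DIT_REFUSED, DIT_APPLIED } dit_status;
typedef int (*secret_op)(void *ctx);  /* hypothetical callback type */

#if defined(__APPLE__) && defined(__aarch64__)
#include <sys/types.h>
#include <sys/sysctl.h>
static int dit_supported(void) {      /* assumed sysctl key for FEAT_DIT */
    int has = 0; size_t len = sizeof has;
    return sysctlbyname("hw.optional.arm.FEAT_DIT", &has, &len, NULL, 0) == 0 && has;
}
static uint64_t dit_get(void) {       /* call only when dit_supported() is true */
    uint64_t v; __asm__ volatile("mrs %0, s3_3_c4_c2_5" : "=r"(v)); return v & DIT_BIT;
}
static void dit_set(uint64_t v) { __asm__ volatile("msr s3_3_c4_c2_5, %0" : : "r"(v) : "memory"); }
#else  /* other targets: still builds, DIT is always reported as absent */
static int dit_supported(void) { return 0; }
static uint64_t dit_get(void) { return 0; }
static void dit_set(uint64_t v) { (void)v; }
#endif

/* Run op with DIT on, then restore the caller's previous DIT state.
   Without DIT, `require` decides: refuse (op is not run) or run unprotected
   and report it. Per the article, DIT disables the DMP on M3 but not on M1/M2,
   so DIT_APPLIED alone does not prove the prefetcher is off. */
static dit_status run_with_dit(secret_op op, void *ctx, int require, int *out) {
    if (!dit_supported()) {
        if (require) return DIT_REFUSED;
        *out = op(ctx);
        return DIT_UNAVAILABLE;
    }
    uint64_t prev = dit_get();
    dit_set(DIT_BIT);
    *out = op(ctx);
    dit_set(prev);
    return DIT_APPLIED;
}
/* Sample secret-handling work (constructed): branch-free compare of 16-byte tags. */
struct tags { const uint8_t *a, *b; };
static int tags_equal(void *ctx) {
    const struct tags *t = ctx; uint8_t diff = 0;
    for (size_t i = 0; i < 16; i++) diff |= (uint8_t)(t->a[i] ^ t->b[i]);
    return diff == 0;
}
int main(void) {
    uint8_t a[16] = {0}, b[16] = {0};
    struct tags t = { a, b }; int eq = -1;
    return (run_with_dit(tags_equal, &t, 0, &eq) != DIT_REFUSED && eq == 1) ? 0 : 1;
}
```

Returning a status instead of silently falling back lets the caller log or refuse operation on hardware where the protection could not be applied.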

In another development, researchers from the Graz University of Technology in Austria and the University of Rennes in France demonstrated a new graphics processing unit (GPU) attack affecting popular browsers and graphics cards that leverages specially crafted.


Deitasoft © 2024. All Rights Reserved.