A newly discovered vulnerability in Apple’s M-series chips poses a serious security risk by allowing attackers to extract secret encryption keys during cryptographic operations.
This flaw is deeply ingrained in the microarchitectural design of the chips, especially earlier M1 and M2 generations, making it impossible to patch directly.
GoFetch : New side-channel attack using data memory-dependent prefetchers : https://t.co/CqC7ikswsG
Paper : https://t.co/zsMsE5BcMI
Go's RSA-2048 Key Extraction on Apple m1 : pic.twitter.com/Iv1NZQm4u3
— Binni Shah (@binitamshah) March 21, 2024
How Apple Flaw Was Found
The vulnerability exploits the chips’ data memory-dependent prefetcher (DMP), a feature designed to improve performance by predicting and preloading data into the CPU cache.
A team of academic researchers has found that this feature can inadvertently leak encryption keys by treating data as memory addresses.
The research demonstrated how the DMP’s unique behavior can be exploited to extract cryptographic keys. Unlike traditional prefetchers that only consider memory addresses, the DMP in Apple silicon also considers data values, leading to potential security breaches.
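The toy simulation below is an added example, not code from the researchers or from the original article. It models a cache with a prefetcher that treats loaded values as addresses, and shows that a routine with a fixed access pattern still leaves data-dependent cache state. The `ToyCPU` class, the addresses and the "value is a mapped address" rule are constructed assumptions, not Apple's real DMP logic.

```python
"""Toy model of a data memory-dependent prefetcher (DMP). Added example."""
# Addresses, class names and the "looks like a pointer" rule are constructed
# assumptions for illustration; this is not Apple's real DMP logic.

LINE = 64          # assumed cache line size in bytes
BUF = 0x1000       # where the victim keeps an intermediate value
PROBE = 0x4000     # a mapped address whose cache state can be observed


class ToyCPU:
    def __init__(self, memory, dmp_enabled):
        self.memory = memory            # address -> stored word
        self.dmp_enabled = dmp_enabled
        self.cache = set()              # cached line numbers

    def load(self, addr):
        """Architectural load: cache the line, then let the DMP see the value."""
        self.cache.add(addr // LINE)
        value = self.memory[addr]
        # A traditional prefetcher looks only at addr. The DMP also looks at
        # the loaded value and prefetches it if it resembles a mapped address.
        if self.dmp_enabled and value in self.memory:
            self.cache.add(value // LINE)
        return value

    def is_cached(self, addr):
        return addr // LINE in self.cache


def victim_run(secret_bit, dmp_enabled):
    """Same single load for either bit; only the stored data differs."""
    intermediate = PROBE if secret_bit else 0xDEADBEEF  # never dereferenced
    cpu = ToyCPU({BUF: intermediate, PROBE: 0}, dmp_enabled)
    cpu.load(BUF)
    return cpu.is_cached(PROBE)         # cache state left behind


def leak_table():
    """Map (secret_bit, dmp_enabled) -> whether PROBE's line ended up cached."""
    return {(bit, dmp): victim_run(bit, dmp)
            for bit in (0, 1) for dmp in (True, False)}


if __name__ == "__main__":
    for (bit, dmp), cached in sorted(leak_table().items()):
        print(f"secret_bit={bit} dmp={'on' if dmp else 'off'} probe_cached={cached}")
```

With the prefetcher off, the final cache state is the same for both secret bits; with it on, the state differs even though the program itself never dereferences the stored value.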
GoFetch Attack
The attack is named GoFetch. It needs only normal user privileges and does not require root access. It can extract keys from both classical encryption algorithms and those designed to be quantum-resistant, which underlines the severity of the vulnerability.
Mitigating this vulnerability will require significant changes in how cryptographic software is developed for M-series processors. Developers must employ additional defenses, which could dramatically impact performance, particularly in cryptographic operations.
Developers of cryptographic software will face the challenge of implementing new defenses without overly compromising performance. End users are advised to stay updated on software patches addressing this vulnerability, especially for critical cryptographic applications.
Future Outlook and Apple Response
The discovery calls for reevaluating the hardware-software interaction, particularly concerning data prefetching technologies. The researchers suggest hardware changes, such as allowing the DMP to be disabled for security-critical applications, to prevent similar vulnerabilities in the future.
Apple has yet to comment on the findings. Users concerned about the security of their cryptographic data are advised to monitor updates closely and consider the potential for other protocols to be affected by similar vulnerabilities.