Researchers have revealed a vulnerability in Apple Silicon processors called GoFetch, enabling attackers to extract secret keys from Mac computers during extensive cryptographic operations. Importantly, patching the flaw is virtually impossible as it originates from the processor’s microarchitecture.
APPLE SILICON VULNERABILITY
Researchers have identified a vulnerability in Apple’s self-designed M-series processors. This vulnerability permits the theft of cryptographic information from the processor cache under specific conditions. Modern computing devices employ a hardware optimization known as the DMP (data memory-dependent prefetcher), which decreases latency between the main memory and the CPU by predicting memory addresses and prefetching their contents into the CPU cache before they are required.
By exploiting a flaw in how this mechanism behaves during cryptographic operations, attackers can gradually recover private encryption keys.
Unlike typical vulnerabilities, this flaw cannot be remedied directly with a software patch. It is inherent to the microarchitecture design of the silicon itself. The only way to mitigate this vulnerability is to integrate defenses into third-party cryptographic software. However, this workaround may significantly impact performance, with older M1 and M2 chips affected the most.
GOFETCH ATTACK
The attack, known as GoFetch, works against both classical and quantum-resistant encryption algorithms. It targets a vulnerability in Apple processors associated with the DMP (data memory-dependent prefetcher), a next-generation prefetcher used in Apple and Intel Raptor Lake processors. This prefetcher loads memory contents into the cache before they're required. GoFetch can be exploited when the target cryptographic operation and a malicious application run in the same CPU cluster. The malicious application needs only standard user privileges, which are typically accessible to most applications.
The vulnerability arises because the prefetcher examines data loaded into the CPU cache for a pointer it can use to load additional data. The DMP occasionally mistakes ordinary memory contents for such a pointer, leading to the incorrect loading of data into the CPU cache.
This vulnerability undermines constant-time protection, which is designed to safeguard against side-channel and cache-related CPU attacks. Constant-time protection ensures that all operations take the same time, regardless of their operands. However, due to this vulnerability, applications exploiting GoFetch can place sensitive data in the cache, which can then be stolen by a malicious application.
UNPATCHABLE VULNERABILITY
Fixing this vulnerability through patching is impossible as it resides in the architecture of Apple Silicon chips. The only solution is to implement software protections and embed patches in third-party cryptographic software so that it avoids utilizing the vulnerable mechanism. However, this approach will slow down cryptography operations on M1 and M2 chips, disrupting developers' workflows.
Alternatively, it is theoretically feasible to execute cryptographic processes on efficiency cores, which lack DMP. However, this would also impact performance, as efficiency cores were not designed for speed, and the flawed mechanism itself introduced significant speed enhancements. Experts note that the performance decrease will only be noticeable in software that specifically performs certain cryptographic operations. In many applications, such as browsers, users are unlikely to perceive any changes.
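The toy model below is an added illustration, not code from the GoFetch research or from Apple. It shows why a constant-time routine still leaves a secret-dependent cache footprint on a core with a DMP, and why the footprint stays uniform on a core without one, as the article says of the efficiency cores. The address range, line size and the rule for what "looks like a pointer" are simplifying assumptions.

```python
# Toy model (constructed for illustration; not Apple's actual DMP logic).
LINE = 64                                  # assumed cache-line size in bytes
MAPPED = range(0x100000000, 0x100100000)   # assumed mapped address range

def looks_like_pointer(word):
    # Model assumption: any word that falls inside mapped memory is treated as a pointer.
    return word in MAPPED

class Core:
    def __init__(self, has_dmp):
        self.has_dmp = has_dmp
        self.cache = set()                 # cache-line numbers currently resident

    def load(self, memory, addr):
        """Architectural load of one 64-bit word, plus the DMP side effect."""
        self.cache.add(addr // LINE)
        word = memory[addr]
        if self.has_dmp and looks_like_pointer(word):
            self.cache.add(word // LINE)   # prefetch of the "pointed-to" line
        return word

def constant_time_op(core, secret_word):
    """Touches the same addresses for every secret; returns (accesses, cache footprint)."""
    buf = MAPPED.start                     # fixed buffer address
    memory = {buf: secret_word, buf + 8: 0}
    accesses = []
    for addr in (buf, buf + 8):            # access pattern independent of the secret
        core.load(memory, addr)
        accesses.append(addr)
    return accesses, frozenset(core.cache)

def footprint_depends_on_secret(has_dmp):
    # Two constructed intermediate values: one pointer-like, one not.
    pointer_like = MAPPED.start + 0x4000
    ordinary = 0x1234
    acc_a, cache_a = constant_time_op(Core(has_dmp), pointer_like)
    acc_b, cache_b = constant_time_op(Core(has_dmp), ordinary)
    assert acc_a == acc_b                  # the program itself is constant-time
    return cache_a != cache_b

if __name__ == "__main__":
    print("core with DMP:   ", footprint_depends_on_secret(True))
    print("core without DMP:", footprint_depends_on_secret(False))
```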