Friday, March 22nd 2024

Apple M-Series CPUs Affected by "GoFetch" Unpatchable Cryptographic Vulnerability

A team of academic researchers has uncovered a critical vulnerability in Apple M-series CPUs targeting data memory-dependent prefetcher (DMP) that could allow attackers to extract secret encryption keys from Macs. The flaw, called GoFetch, is based on the microarchitecture design of the Apple Silicon, which means that it cannot be directly patched and poses a significant risk to users' data security. The vulnerability affects all Apple devices powered by M-series chips, including the popular M1 and M2 generations. The M3 generation can turn a special bit off to disable DMP, potentially hindering performance. The DMP, designed to optimize performance by preemptively loading data that appears to be a pointer, violates a fundamental requirement of constant-time programming by mixing data and memory access patterns. This creates an exploitable side channel that attackers can leverage to extract secret keys.

To execute the GoFetch attack, attackers craft specific inputs for cryptographic operations, ensuring that pointer-like values only appear when they have correctly guessed bits of the secret key. By monitoring the DMP's dereference behavior through cache-timing analysis, attackers can verify their guesses and gradually unravel the entire secret key. The researchers demonstrated successful end-to-end key extraction attacks on popular constant-time implementations of both classical and post-quantum cryptography, highlighting the need for a thorough reevaluation of the constant-time programming paradigm in light of this new vulnerability.
As the flaw is hardware-based, Apple cannot directly patch the vulnerability. Instead, the responsibility falls on third-party cryptographic software developers to build defenses into their applications. However, these mitigations could come at a cost, potentially degrading the performance of M-series chips when executing cryptographic operations, particularly on earlier generations. In light of this discovery, Mac users are advised to exercise caution when running untrusted applications and to keep their systems updated with the latest security patches. While this vulnerability poses a significant concern, it is essential to note that exploiting the flaw requires the attacker to have access to the targeted system.
Sources: Ars Technica, GoFetch
Add your own comment

45 Comments on Apple M-Series CPUs Affected by "GoFetch" Unpatchable Cryptographic Vulnerability

#2
Fouquin
Apple now gets to experience the joy of owning their designs. Can't just ask Intel to fix the security hole, nope, now you have to do it yourself and consider how to solve the problem going forward with new silicon.
Posted on Reply
#3
bug
That's hilarious, considering how a few years back, when they were still using Intel CPUs, at some point they forced developers to upgrade to new hardware because the old one, while perfectly adequate, did not have hardware acceleration for some cryptographic extension they were using while singing stuff to submit to the AppStore. How that didn't end with them being sued into oblivion is beyond me. But then again... Apple.
Posted on Reply
#4
LabRat 891
No way any one is going to convince me otherwise:
Apple (at some level) knew this, and will actively leverage this 'flaw' upon consumers to push them to upgrade.

Apple will continue to boast being the most secure, while concurrently using this security flaw to bring users to their next iteration.
Posted on Reply
#5
Fouquin
bugThat's hilarious, considering how a few years back, when they were still using Intel CPUs, at some point they forced developers to upgrade to new hardware because the old one, while perfectly adequate, did not have hardware acceleration for some cryptographic extension they were using while singing stuff to submit to the AppStore. How that didn't end with them being sued into oblivion is beyond me. But then again... Apple.
Forcing developers to upgrade is an industry wide thing. To be perfectly frank; developers don't upgrade enough. You should be developing in the environment you develop for. Not using a 2013 Thinkpad hackintosh'd running every back-channel workaround to make XCode work properly.
Posted on Reply
#6
bitsandboots
FouquinForcing developers to upgrade is an industry wide thing. To be perfectly frank; developers don't upgrade enough. You should be developing in the environment you develop for. Not using a 2013 Thinkpad hackintosh'd running every back-channel workaround to make XCode work properly.
Give them a fast computer and they won't experience the slowness of their designs on old computers that people actually use.
A 2013 computer is perfectly fine for software written with resource consumption in mind.
Posted on Reply
#7
AnarchoPrimitiv
FouquinForcing developers to upgrade is an industry wide thing. To be perfectly frank; developers don't upgrade enough. You should be developing in the environment you develop for. Not using a 2013 Thinkpad hackintosh'd running every back-channel workaround to make XCode work properly.
Stop defending Apple via whataboutism
Posted on Reply
#8
LabRat 891
AnarchoPrimitivStop defending Apple via whataboutism
That hurt to read. o_O

Apple can go to hell but,
"whataboutism"? It's literally just 'topical and expanded discussion' that doesn't fit the other party's PoV.
Even if you can't see how it links into the topic, it doesn't make it "whataboutism".

If anything, it's more evidence for the harms Apple has brought to the world. Whatever they do, get away with, and is proven profitable, the industry follows.
Just because the whole industry is sick, doesn't 'remove blame' from Apple.
Posted on Reply
#9
Makaveli
FouquinApple now gets to experience the joy of owning their designs. Can't just ask Intel to fix the security hole, nope, now you have to do it yourself and consider how to solve the problem going forward with new silicon.
And ironic that Intel's Raptor Lake uses the same DMP but doesn't have this vulnerability.
Posted on Reply
#10
phints
Lol unpatchable wait what? Does Apple not have some kind of Microcode/AGESA type firmware they catch patch at the bios level like Intel/AMD?
Posted on Reply
#11
Makaveli
phintsLol unpatchable wait what? Does Apple not have some kind of Microcode/AGESA type firmware they catch patch at the bios level like Intel/AMD?
unpatchable means just that. Its require new silicon and cannot be fixed via microcode.
Posted on Reply
#12
unwind-protect
phintsLol unpatchable wait what? Does Apple not have some kind of Microcode/AGESA type firmware they catch patch at the bios level like Intel/AMD?
Good question. I guess we gonna find out.
Posted on Reply
#13
Wirko
bitsandbootsGive them a fast computer and they won't experience the slowness of their designs on old computers that people actually use.
Well here's the added value: people with old computers will be forced to upgrade too.
Posted on Reply
#14
Makaveli
unwind-protectGood question. I guess we gonna find out.
there maybe software-based mitigations however that will slow down M1, M2, and M3's encryption and decryption performance.
Posted on Reply
#15
Unregistered
I guess even the hackers get to have the "it just works" experience.
Posted on Edit | Reply
#16
MacZ
"Vulnerability"
Posted on Reply
#17
arbiter
FouquinApple now gets to experience the joy of owning their designs. Can't just ask Intel to fix the security hole, nope, now you have to do it yourself and consider how to solve the problem going forward with new silicon.
Given Apple's history of fixing things, you will see what ever they come up with in ~3 or so months.
MakaveliAnd ironic that Intel's Raptor Lake uses the same DMP but doesn't have this vulnerability.
Sounds like its not same if 1 has a security flaw while other doesn't. Wouldn't shock me as someone else noted that apple might known about it but didn't do anything. Apple has had history of shadey things to make their hardware look far better in adverts compared to other side. Hence why intel side doesn't have flaw as they fixed and took the hit instead of dealing with headache they had for a few years over many cpu generation's that cost many cpu's a double digit performance loss. Leaves app dev's to do work and also apple can try to blame them for slow performance.
Posted on Reply
#18
Makaveli
arbiterSounds like its not same if 1 has a security flaw while other doesn't.
The difference could be how its implemented.
Posted on Reply
#20
Lew Zealand
Nah, just sour grapes. People want Apple hardware because it's good, but not the OS lock-in or sky-high prices.
Posted on Reply
#21
AnotherReader
Lew ZealandNah, just sour grapes. People want Apple hardware because it's good, but not the OS lock-in or sky-high prices.
There's also the association, right or wrong, of using Apple with snobbery. As for the bug, if it is indeed unfixable in hardware for older M series SOCs, then that would indicate a lack of updatable microcode in Apple's designs.
Posted on Reply
#22
mechtech
Good thing it’s a small percentage of cpus compared to x86. ;)
Posted on Reply
#23
Aleksandar_038
FouquinForcing developers to upgrade is an industry wide thing. To be perfectly frank; developers don't upgrade enough. You should be developing in the environment you develop for. Not using a 2013 Thinkpad hackintosh'd running every back-channel workaround to make XCode work properly.
Well, ever since "industry" got into frenzy "more, more, faster, faster, upgrade, upgrade" thinga have been going downhill.

You know, in real life, we actually need aoftware to work for decade or two.

And we do not want changes every two months.

But big software corps are run by typical techbros today, so we can all have a lot of fun
Posted on Reply
#24
Carillon
mechtechGood thing it’s a small percentage of cpus compared to x86. ;)
Nothing to fear, the researchers were probably holding the CPUs wrong
Posted on Reply
#25
natr0n
"Goes into vault... I guess I have to update everything"
Posted on Reply
Add your own comment
Nov 21st, 2024 06:16 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts