Friday, March 22nd 2024

Apple M-Series CPUs Affected by "GoFetch" Unpatchable Cryptographic Vulnerability

A team of academic researchers has uncovered a critical vulnerability in the data memory-dependent prefetcher (DMP) of Apple M-series CPUs that could allow attackers to extract secret encryption keys from Macs. The flaw, called GoFetch, stems from the microarchitectural design of Apple Silicon, which means that it cannot be directly patched and poses a significant risk to users' data security. The vulnerability affects all Apple devices powered by M-series chips, including the popular M1 and M2 generations. The M3 generation can turn a special bit off to disable DMP, potentially hindering performance.

The DMP, designed to optimize performance by preemptively loading the data referenced by values that appear to be pointers, violates a fundamental requirement of constant-time programming by mixing data and memory access patterns. This creates an exploitable side channel that attackers can leverage to extract secret keys.

To execute the GoFetch attack, attackers craft specific inputs for cryptographic operations, ensuring that pointer-like values only appear when they have correctly guessed bits of the secret key. By monitoring the DMP's dereference behavior through cache-timing analysis, attackers can verify their guesses and gradually unravel the entire secret key. The researchers demonstrated successful end-to-end key extraction attacks on popular constant-time implementations of both classical and post-quantum cryptography, highlighting the need for a thorough reevaluation of the constant-time programming paradigm in light of this new vulnerability.

As the flaw is hardware-based, Apple cannot directly patch the vulnerability. Instead, the responsibility falls on third-party cryptographic software developers to build defenses into their applications. However, these mitigations could come at a cost, potentially degrading the performance of M-series chips when executing cryptographic operations, particularly on earlier generations. In light of this discovery, Mac users are advised to exercise caution when running untrusted applications and to keep their systems updated with the latest security patches. While this vulnerability poses a significant concern, it is essential to note that exploiting the flaw requires the attacker to have access to the targeted system.
Sources: Ars Technica, GoFetch
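
A toy model of the data dependence the article describes, added here as an illustration and not taken from the researchers' code or from Apple documentation: a branch-free swap touches the same addresses for either value of the secret bit, yet a prefetcher that inspects stored values behaves differently depending on where the pointer-like value ends up. The address range, the `dmp_would_prefetch` heuristic and all input values are constructed assumptions, not the real DMP's rules.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed range standing in for "addresses mapped in this process". */
#define MAP_LO 0x100000000ULL
#define MAP_HI 0x100100000ULL

static uint64_t state[2];                             /* the two words being swapped */
typedef struct { size_t idx[8]; size_t n; } trace_t;  /* log of explicit accesses */

/* Record which word is accessed, then hand back its address. */
static uint64_t *touch(trace_t *t, size_t i) { t->idx[t->n++] = i; return &state[i]; }

/* Branch-free conditional swap: identical instructions and identical
   addresses for either value of bit (the constant-time guarantee). */
static void ct_swap(uint64_t bit, trace_t *t) {
    uint64_t mask = (uint64_t)0 - (bit & 1);          /* all ones if bit is 1 */
    uint64_t a = *touch(t, 0);
    uint64_t b = *touch(t, 1);
    uint64_t x = (a ^ b) & mask;
    *touch(t, 0) = a ^ x;
    *touch(t, 1) = b ^ x;
}

/* Toy DMP: looks at the contents of a word and decides whether the value
   resembles a pointer whose target it would prefetch. */
static int dmp_would_prefetch(uint64_t value) {
    return value >= MAP_LO && value < MAP_HI;
}

/* Swap fixed, constructed inputs under secret_bit and report whether the
   toy DMP would act on word 0 afterwards. */
static int dmp_acts_on_word0(uint64_t secret_bit, trace_t *t) {
    state[0] = 0x42;                                  /* ordinary value */
    state[1] = MAP_LO + 0x4000;                       /* pointer-like value */
    t->n = 0;
    ct_swap(secret_bit, t);
    return dmp_would_prefetch(state[0]);
}

static int same_trace(const trace_t *x, const trace_t *y) {
    return x->n == y->n && memcmp(x->idx, y->idx, x->n * sizeof x->idx[0]) == 0;
}

int main(void) {
    trace_t t0, t1;
    int p0 = dmp_acts_on_word0(0, &t0), p1 = dmp_acts_on_word0(1, &t1);
    printf("traces equal: %d, DMP acts: bit0=%d bit1=%d\n", same_trace(&t0, &t1), p0, p1);
    return 0;
}
```

The explicit access traces match, so the code is constant-time in the classical sense; only the modelled prefetch decision changes with the secret bit.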

45 Comments on Apple M-Series CPUs Affected by "GoFetch" Unpatchable Cryptographic Vulnerability

#26
R-T-B
phints: Lol unpatchable wait what? Does Apple not have some kind of Microcode/AGESA type firmware they can patch at the BIOS level like Intel/AMD?
It's a silicon level flaw, not microcode level.
#27
user556
What the frig is "data and memory"?
#28
R-T-B
user556: What the frig is "data and memory"?
Memory is a box. Data is what you put in the box.
#29
nulshift
Wirko: Well here's the added value: people with old computers will be forced to upgrade too.
Found the e-waste enthusiast. There really isn't a point to replacing what still works great.
#30
user556
R-T-B: Memory is a box. Data is what you put in the box.
Right, so how can one achieve the mixing of data and memory access patterns?
#31
R-T-B
user556: Right, so how can one achieve the mixing of data and memory access patterns?
You are getting a bit complicated for a layman explanation, but it would mean combining a certain memory address with certain memory contents.

ROWHAMMER memory attacks are an example of such a thing.
#32
marios15
This looks more like skipping security checks to gain performance, like for example Meltdown

Give them another 10 years and all those skipped security checks will require enough transistors to match x86 power efficiency

Oh and this bit is great:

As an Apple user, there is not much you can do other than practice safe computing habits....
...
The GoFetch attack does not require physical access for exploitation, so if the attacker can run code on the target machine, for example, via malware infection, it can be executed remotely.


This is the perfect backdoor lol. Thanks for the "privacy & security" section.
#33
user556
R-T-B: You are getting a bit complicated for a layman explanation, but it would mean combining a certain memory address with certain memory contents.
C'mon, using an address as data is just more data.
#34
TechLurker
Big "oof" moment, right as they're pushing M3 and it supposedly being faster than M1 and M2. I wonder if mitigations would also kill performance to be equal or worse to M1 or M2 without mitigations.

On the other end, if this makes some M2 products cheaper, I might just go for a larger M2 tablet, just to play the 2 iPad exclusive games I'm playing on a smaller refurbished M1, as well as being a bigger e-reader (which I also use the tiny M1 for).
#35
user556
Given the likely performance hit, I'm guessing Apple won't worry about mitigating it via software because the vulnerability can't be remotely exploited by itself anyway. An attack would first need a way to be executed as native code locally on the target machine.
#36
R-T-B
user556: C'mon, using an address as data is just more data.
That's not how addressing works. An address is a particular place, not more data. In the example of a rowhammer attack, that is on the edge of a row boundary in memory, combined with a repeated write operation of a "1" pattern which can induce a bitflip.

I'm more fuzzy on the details here.
#37
bug
Fouquin: Forcing developers to upgrade is an industry wide thing. To be perfectly frank; developers don't upgrade enough. You should be developing in the environment you develop for. Not using a 2013 Thinkpad hackintosh'd running every back-channel workaround to make XCode work properly.
No, this was about current MacBooks. And as I have said, it was about some instruction for the cryptographic signature; it had nothing to do with "You should be developing in the environment you develop for". Which is idiotic in its own way, I clearly stated this was a requirement for submitting to the AppStore. If developers followed your advice, they'd be developing iOS apps on iPhones.
(Fwiw, I understand what you meant, you just didn't word that very well.)
#38
Vayra86
Now watch Apple create a proprietary adapter with a chip in it for hardware mitigation.

And sell it at $299,-
#39
Guwapo77
Intel has had unpatchable CPUs in the past - CVE-2019-0090 and I'm sure more will come in the future. AMD's Tesla chip is unpatchable. It's unfortunate, but it happens. All these chip makers can do is fix it with an upcoming silicon. So good luck fellow hardware enthusiasts, let's hope nothing we currently own reveals an unpatchable vulnerability. Practice safe surfing!
#40
user556
R-T-B: That's not how addressing works. An address is a particular place, not more data. In the example of a rowhammer attack, that is on the edge of a row boundary in memory, combined with a repeated write operation of a "1" pattern which can induce a bitflip. I'm more fuzzy on the details here.
Yep, but fiddling the order of addressing doesn't seem much like "mixing data and memory" to me.
#41
R-T-B
user556: Yep, but fiddling the order of addressing doesn't seem much like "mixing data and memory" to me.
I mean it's somewhat awkward wording sure but it's what it means.
#42
user556
I have my doubts. It's just the flip of what I said earlier. Using data for making up addresses is likewise just more addresses. It stops being data.
#43
kapouer
Fouquin: Forcing developers to upgrade is an industry wide thing. To be perfectly frank; developers don't upgrade enough. You should be developing in the environment you develop for. Not using a 2013 Thinkpad hackintosh'd running every back-channel workaround to make XCode work properly.
Developers DO upgrade more than common people.
I upgraded my 2011 iMac to latest linux 6.6.15 last month (along with gnome graphical env, on debian trixie).

However I CANNOT upgrade OSX because they stopped support for that iMac.
Even with OpenCore-Legacy-Patcher, it's barely usable, and feels so slow (and hot !) when compared to linux.
If there was a carbon tax, using linux would become mandatory :)