- Joined
- Aug 19, 2017
- Messages
- 2,651 (0.99/day)
A team of academic researchers has uncovered a critical vulnerability in Apple M-series CPUs targeting data memory-dependent prefetcher (DMP) that could allow attackers to extract secret encryption keys from Macs. The flaw, called GoFetch, is based on the microarchitecture design of the Apple Silicon, which means that it cannot be directly patched and poses a significant risk to users' data security. The vulnerability affects all Apple devices powered by M-series chips, including the popular M1 and M2 generations. The M3 generation can turn a special bit off to disable DMP, potentially hindering performance. The DMP, designed to optimize performance by preemptively loading data that appears to be a pointer, violates a fundamental requirement of constant-time programming by mixing data and memory access patterns. This creates an exploitable side channel that attackers can leverage to extract secret keys.
To execute the GoFetch attack, attackers craft specific inputs for cryptographic operations, ensuring that pointer-like values only appear when they have correctly guessed bits of the secret key. By monitoring the DMP's dereference behavior through cache-timing analysis, attackers can verify their guesses and gradually unravel the entire secret key. The researchers demonstrated successful end-to-end key extraction attacks on popular constant-time implementations of both classical and post-quantum cryptography, highlighting the need for a thorough reevaluation of the constant-time programming paradigm in light of this new vulnerability.
As the flaw is hardware-based, Apple cannot directly patch the vulnerability. Instead, the responsibility falls on third-party cryptographic software developers to build defenses into their applications. However, these mitigations could come at a cost, potentially degrading the performance of M-series chips when executing cryptographic operations, particularly on earlier generations. In light of this discovery, Mac users are advised to exercise caution when running untrusted applications and to keep their systems updated with the latest security patches. While this vulnerability poses a significant concern, it is essential to note that exploiting the flaw requires the attacker to have access to the targeted system.
View at TechPowerUp Main Site | Source
To execute the GoFetch attack, attackers craft specific inputs for cryptographic operations, ensuring that pointer-like values only appear when they have correctly guessed bits of the secret key. By monitoring the DMP's dereference behavior through cache-timing analysis, attackers can verify their guesses and gradually unravel the entire secret key. The researchers demonstrated successful end-to-end key extraction attacks on popular constant-time implementations of both classical and post-quantum cryptography, highlighting the need for a thorough reevaluation of the constant-time programming paradigm in light of this new vulnerability.
As the flaw is hardware-based, Apple cannot directly patch the vulnerability. Instead, the responsibility falls on third-party cryptographic software developers to build defenses into their applications. However, these mitigations could come at a cost, potentially degrading the performance of M-series chips when executing cryptographic operations, particularly on earlier generations. In light of this discovery, Mac users are advised to exercise caution when running untrusted applications and to keep their systems updated with the latest security patches. While this vulnerability poses a significant concern, it is essential to note that exploiting the flaw requires the attacker to have access to the targeted system.
View at TechPowerUp Main Site | Source