Researchers report Apple silicon CPU vulnerability that can expose encryption keys
Take action: This vulnerability is built into the CPU hardware and cannot be patched out of the affected chips. If you use Apple devices with M1, M2 or M3 processors, the practical defence is hygiene: install operating system and application updates promptly, so that any library-level mitigations reach you, and run only software from trusted sources, since the attack requires attacker-controlled code to run on the same machine as the victim process.
Learn More
A recently uncovered side-channel attack named "GoFetch" poses a threat to the security of cryptographic keys on devices equipped with Apple's M1, M2, and M3 processors.
Developed by a team of seven researchers from several U.S. universities, GoFetch was disclosed to Apple on December 5, 2023. The weakness lies in the CPU's microarchitecture, so it cannot be fixed in the affected processors themselves. Software mitigations can work around it, but they slow down the cryptographic operations they protect.
The attack abuses the data memory-dependent prefetcher (DMP) in these CPUs, a unit intended to improve performance by loading data into the cache before the program asks for it. GoFetch recovers secret keys by observing, through cache timing, which addresses the prefetcher touched while the victim ran on attacker-chosen inputs. The researchers demonstrated key extraction against OpenSSL's Diffie-Hellman key exchange, Go's RSA implementation, and the post-quantum schemes CRYSTALS-Kyber and CRYSTALS-Dilithium.
Unlike classical prefetchers, which look only at the sequence of addresses a program has accessed, the DMP also inspects the contents of memory: if a loaded value looks like a pointer into mapped memory, the DMP dereferences it and pulls that location into the cache. Constant-time cryptographic code is written so that its instruction sequence and memory access pattern do not depend on secret data; the intermediate values may still depend on the secret, because the design assumes values are not accesses. The DMP breaks that assumption by turning secret-dependent data values into secret-dependent memory accesses.
The attacker exploits this with chosen inputs. Working through the secret one portion at a time, the attacker guesses the next bits and crafts an input that makes an intermediate value look like a pointer only if the guess is correct. When it is, the DMP dereferences that value and the corresponding cache line becomes resident, which the attacker detects by timing an access to it; when the guess is wrong, nothing is prefetched. Repeating this confirms or refutes each guess and reconstructs the whole key bit by bit.
On the M3 the DMP can be switched off for sensitive code by setting the chip's data-independent timing (DIT) bit, but the M1 and M2 offer no such switch. For those chips the researchers propose software defences that developers can apply: input blinding, which randomises the values the victim computes on so that attacker-chosen inputs cannot steer an intermediate value to a target, and DMP activation masking, which keeps intermediate values from ever looking like valid pointers. Any such software mitigation, whether from Apple or from library maintainers, costs performance in the affected operations, as fixes for earlier side-channel attacks did.
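To make the mechanism above concrete, here is an added toy simulation (not Apple's hardware, not the researchers' code): a branch-free constant-time select whose stored output is scanned by a model DMP that dereferences anything in a "mapped" address range, an attacker who confirms a guess per bit by checking whether the probe line became cached, and the activation-masking defence from the previous paragraph, modelled here as setting a tag bit on every stored intermediate so it never looks like a pointer. The 64-byte line size, the mapped range, and the tag scheme are assumptions of the model; the real attack additionally needs precise cache timing and per-algorithm chosen-input constructions.

```python
"""Toy model of the GoFetch leak. Constructed simulation: the cache, the DMP,
the victim and the attacker are all models, not Apple silicon behaviour."""
import secrets

MASK64 = (1 << 64) - 1
LINE = 64                                      # cache-line size assumed by the model
HEAP_BASE, HEAP_SIZE = 0x1000_0000, 0x10_0000  # the only range the model DMP treats as "mapped"
TAG = 1 << 63                                  # top bit set: never a valid pointer in this model


class CacheSim:
    """Set of resident cache lines; in reality the attacker observes this via timing."""
    def __init__(self):
        self.lines = set()

    def touch(self, addr):
        self.lines.add(addr // LINE)

    def hit(self, addr):
        return addr // LINE in self.lines


def looks_like_pointer(v):
    return HEAP_BASE <= v < HEAP_BASE + HEAP_SIZE


def dmp_scan(buf, cache):
    """Model DMP: every word of a just-accessed buffer that looks like a pointer is dereferenced."""
    for v in buf:
        if looks_like_pointer(v):
            cache.touch(v)


def ct_select(bit, a, b):
    """Branch-free select: a if bit == 1 else b. Same instructions and addresses for either bit."""
    mask = (-bit) & MASK64
    return (a & mask) | (b & ~mask & MASK64)


def victim(secret_bits, operands, cache, masked=False):
    """For each secret bit, pick one of two attacker-supplied operands and store it in a
    scratch buffer the DMP scans. The store *index* never depends on the secret (constant
    time), but the stored *value* does, and the DMP turns that value into a memory access.
    masked=True applies activation masking: the stored form always carries TAG."""
    scratch = []
    for bit, (a, b) in zip(secret_bits, operands):
        t = ct_select(bit, a, b)
        scratch.append(t | TAG if masked else t)
    dmp_scan(scratch, cache)
    return scratch  # a real victim would strip TAG again before using the value


def recover_bits(run_victim, nbits):
    """Chosen-input attack, one bit per round: guess g, put a pointer in the operand slot that g
    would select and junk in the other. The probe line is cached iff the guess was right."""
    recovered = []
    for i in range(nbits):
        probe = HEAP_BASE + (i + 1) * 4 * LINE   # attacker-owned address, distinct line per bit
        junk = TAG | i                           # never pointer-like
        result = None
        for guess in (1, 0):
            operands = [(junk, junk)] * nbits
            operands[i] = (probe, junk) if guess == 1 else (junk, probe)
            cache = CacheSim()
            run_victim(operands, cache)
            if cache.hit(probe):                 # DMP fired: guess confirmed
                result = guess
                break
        recovered.append(result)                 # None: no activation either way (defence held)
    return recovered


def demo(secret, nbits=16, masked=False):
    """Returns (true secret bits, bits the attacker recovered)."""
    secret_bits = [(secret >> (nbits - 1 - i)) & 1 for i in range(nbits)]
    run = lambda ops, cache: victim(secret_bits, ops, cache, masked=masked)
    return secret_bits, recover_bits(run, nbits)


if __name__ == "__main__":
    s = secrets.randbits(16)
    bits, got = demo(s)
    print("unmasked victim leaks the key:", bits == got)
    bits, got = demo(s, masked=True)
    print("masked victim leaks nothing:  ", all(g is None for g in got))
```

The point to take from the model is the asymmetry in `victim`: every standard constant-time check (no secret-dependent branch, no secret-dependent address) passes, yet the key is fully recoverable because the prefetcher reads the scratch buffer's contents as addresses. Masking changes only the representation of the stored value, which is why it defends here without altering the access pattern.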
Because the flaw lives in hardware, the protective measures available to users right now are limited to careful computing practice: keep the operating system and applications up to date so that mitigated cryptographic libraries reach your machine, and install software only from trusted sources, since the attack has to run code locally to observe the victim.