Apple Silicon Vulnerability Allows Hackers to Extract Encryption Keys

An unpatchable vulnerability has been discovered in Apple's M-series chips that allows attackers to extract secret encryption keys from Macs under certain conditions, according to a newly published academic research paper (via ArsTechnica).

m1 vs m2 air feature toned down
Named "GoFetch," the type of cyber attack described involves Data Memory-Dependent Prefetchers (DMPs), which try to predict what data the computer will need next and retrieve it in advance. This is meant to make processing faster, but it can unintentionally reveal information about what the computer is doing.

The paper finds that DMPs, especially the ones in Apple's processors, pose a significant threat to the security provided by constant-time programming models, which are used to write programs so that they take the same amount of time to run, no matter what data they're dealing with.

The constant-time programming model is meant to protect against side-channel attacks, or types of attacks where someone can gain sensitive information from a computer system without directly accessing it (by observing certain patterns, for example). The idea is that if all operations take the same amount of time, there's less for an attacker to observe and exploit.

However, the paper finds that DMPs, particularly in Apple silicon, can leak information even if the program is designed not to reveal any patterns in how it accesses memory. The new research finds that the DMPs can sometimes confuse memory content, which causes it to treat the data as an address to perform memory access, which goes against the constant-time model.

The authors present GoFetch as a new type of attack that can exploit this vulnerability in DMPs to extract encryption keys from secure software. The attack works against some popular encryption algorithms that are thought to be resistant to side-channel attacks, including both traditional (e.g. OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption) and post-quantum (e.g. CRYSTALS-Kyber and CRYSTALS-Dilithium) cryptographic methods.

In an email to ArsTechnica, the authors explained:

Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is different in this sense as in addition to addresses it also uses the data values in order to make predictions (predict addresses to go to and prefetch). In particular, if a data value "looks like" a pointer, it will be treated as an "address" (where in fact it's actually not!) and the data from this "address" will be brought to the cache. The arrival of this address into the cache is visible, leaking over cache side channels.

Our attack exploits this fact. We cannot leak encryption keys directly, but what we can do is manipulate intermediate data inside the encryption algorithm to look like a pointer via a chosen input attack. The DMP then sees that the data value "looks like" an address, and brings the data from this "address" into the cache, which leaks the "address." We don't care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.

In summary, the paper shows that the DMP feature in Apple silicon CPUs could be used to bypass security measures in cryptography software that were thought to protect against such leaks, potentially allowing attackers to access sensitive information, such as a 2048-bit RSA key, in some cases in less than an hour.

According to the authors, the flaw in Apple's chips cannot be patched directly. Instead, the attack vector can only be reduced by building defenses into third-party cryptographic software that could result in an extreme performance degradation when executing the cryptographic operations, particularly on the earlier M1 and M2 chips. The DMP on the M3, Apple's latest chip, has a special bit that developers can invoke to disable it, but the researchers aren't yet sure what kind of penalty will occur when this performance optimization is turned off.

As ArsTechnica notes, this isn't the first time researchers have identified threats in Apple DMPs. Research documented in 2022 discovered one such threat in both the ‌M1‌ and Apple's A14 Bionic chip for iPhones, which resulted in the "Augury" attack. However, this attack was ultimately unable to extract the sensitive data when constant-time practices were used.

"GoFetch shows that the DMP is significantly more aggressive than previously thought and thus poses a much greater security risk," the researchers claim on their website. "Specifically, we find that any value loaded from memory is a candidate for being dereferenced (literally!). This allows us to sidestep many of Augury's limitations and demonstrate end-to-end attacks on real constant-time code."

DMP-style attacks are not common, and the researchers informed Apple of the vulnerability in December 2023. Users concerned about the vulnerability are advised to check for GoFetch mitigation updates that become available in future macOS updates for any of the encryption protocols known to be vulnerable. Apple representatives declined to comment on the record when ArsTechnica asked about the paper.

Top Rated Comments

danieldk Avatar
1 week ago
This kind of vulnerability is bad - future hardware revisions should solve it and mitigations should be put into place. However, glossing over the paper, this currently does not seem like a big threat to most users:

Emulating realistic attack scenarios, we assume that ct-swap runs in a victim process, separate from the attacker’s address space. We assume a simple but common protocol between victim and attacker, where the victim takes input from the attacker to populate the ct-swap’s a and b arrays and then executes ct-swap.

So, it assumes that not only has the attacker has a process running on a victim's machine, but that it can also feed input directly to the victim process. However, if a malicious actor already has a local process running with user privileges, there are so many possible attack vectors, that it's also often game over before this vulnerability. If you only install trusted software, you should be pretty safe.

What made Meltdown/Spectre so devastating on Intel CPUs is that they allowed snooping information without communication with the victim process and that e.g. Linux is used on many multi-tenant machines. So there is ample opportunity to eavesdrop on other people's machines.

It's a bit sad that Ars did not qualify the research further, because if you read the headline and article, it's as if the sky is falling on Apple Silicon CPUs. But (not surprisingly) it's not.
Score: 66 Votes (Like | Disagree)
brijazz Avatar
1 week ago
Still better than updating to 14.4 ;)
Score: 33 Votes (Like | Disagree)
danieldk Avatar
1 week ago

From Macworld this morning:
[...]
DMP-based attacks aren’t common, and they require a hacker to have physical access to a Mac. So, the best way to prevent an attack is you secure your user account on your Mac with a strong password, and do not let people you don’t know use your Mac. For more information on Mac security, read “;How to know if your Mac has been hacked ('https://www.macworld.com/article/676307/how-to-know-if-your-mac-has-been-hacked.html')” and “How secure is your Mac? ('https://www.macworld.com/article/668710/how-secure-mac.html')” Also consider running an antivirus program on your Mac ('https://www.macworld.com/article/670537/do-macs-need-antivirus.html').
By the way, MacWorld is incorrect here. It does not require physical access. A malicious actor needs to be able to run a process in your machine. This can also be accomplished by tricking the user to install malware, planting malware through vulnerabilities in programs that read untrusted data (web browser, iMessage, etc.).

If you don't install random software from the internet, you should be pretty safe.
Score: 26 Votes (Like | Disagree)
hovscorpion12 Avatar
1 week ago
Genuine question. Does this “exploit“ actually have an effect on users? Or this for specific individuals?
Score: 24 Votes (Like | Disagree)
hovscorpion12 Avatar
1 week ago

Wonder how long Apple has known about this? I think we can safely assume based on past experience that Apple did nothing, hoping the public would never know.
The devs posted they informed Apple in Dec 2023.
Score: 21 Votes (Like | Disagree)
mystery hill Avatar
1 week ago
This can be fixed by upgrading to M5.
Score: 21 Votes (Like | Disagree)

Popular Stories

maxresdefault

Apple to Launch New iPad Pro and iPad Air Models in May

Thursday March 28, 2024 11:07 am PDT by
Apple will introduce new iPad Pro and iPad Air models in early May, according to Bloomberg's Mark Gurman. Gurman previously suggested the new iPads would come out in March, and then April, but the timeline has been pushed back once again. Subscribe to the MacRumors YouTube channel for more videos. Apple is working on updates to both the iPad Pro and iPad Air models. The iPad Pro models will...
General Apps Messages

Google Reveals When to Expect RCS Support on iPhone for Improved Texting With Android Users

Friday March 29, 2024 7:14 am PDT by
In November, Apple announced that the iPhone would support the cross-platform messaging standard RCS (Rich Communication Services) in the Messages app starting "later" in 2024, and Google has now revealed a more narrow timeframe. In a since-deleted section of the revamped Google Messages web page, spotted by 9to5Google, Google said that Apple would be adopting RCS on the iPhone in the "fall...
airtag new orange

Criminals in Montreal Using AirTags to Steal Vehicles

Friday March 29, 2024 12:50 pm PDT by
Thieves in Montreal, Canada have been using Apple's AirTags to facilitate vehicle theft, according to a report from Vermont news sites WCAX and NBC5 (via 9to5Mac). Police officers in Burlington, Vermont have issued a warning about AirTags for drivers who recently visited Canada. Two Burlington residents found Apple AirTags in their vehicles after returning from trips to Montreal, and these...
top stories 30mar2024

Top Stories: WWDC 2024 Announced, New iPads Delayed, and More

Saturday March 30, 2024 6:00 am PDT by
Apple's WWDC 2024 dates have been announced, giving us timing for the unveiling of the company's next round of major operating system updates and likely some other announcements. This week also saw some disappointing news on the iPad front, with update timing for the iPad Pro and iPad Air pushed back from previous rumors. We did hear some new tidbits about what might be coming in iOS 18 and...
iphone 16 cases sonny dickson 1

First iPhone 16 Cases Outline New Rear Vertical Camera Bump

Friday March 29, 2024 4:09 am PDT by
Photos of the first iPhone 16 cases have been shared online, offering another preview of the rumored new vertical rear camera arrangement on the standard iPhone 16 and iPhone 16 Plus. Image credit: Accessory leaker Sonny Dickson Over the last few months, Apple has been experimenting with different camera bump designs for the standard iPhone 16 models, all of which have featured a vertical ...
Apple iPhone 15 Pro spatial video capture lifestyle

$3 App Shoots Better Quality Spatial Video Than iPhone's Camera App

Friday March 29, 2024 4:48 am PDT by
A $3 third-party app can now record spatial video on iPhone 15 Pro models in a higher resolution than Apple's very own Camera app. Thanks to an update first spotted by UploadVR, Spatialify can now record spatial videos with HDR in 1080p at 60fps or in 4K at 30fps. In comparison, Apple's native Camera app is limited to recording spatial video in 1080p at 30fps. Shortly after Apple's Vision ...