Researchers have discovered a vulnerability etched into the design of Apple's M-series chips that could allow attackers to extract secret encryption keys when performing cryptographic operations.
Six academic researchers from institutions across the United States wrote a paper describing a vulnerability they called 'GoFetch', which leaks cryptographic data from the CPU cache that attackers can use to reconstruct a cryptographic key.
“GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs),” stated a blog published by the authors.
GoFetch exploits a relatively new microarchitectural design feature, found only in Apple's M-series chips and Intel's Raptor Lake microarchitecture, that is intended to reduce memory access latency, a common bottleneck on the CPU.
DMPs proactively load data into the CPU cache before it is directly required, helping to reduce latency between main memory and the CPU.
This technology is vulnerable to cache side-channel attacks that “observe the side effects of the victim program's secret-dependent accesses to the processor cache,” according to the document.
During the prefetching process, the DMP must make a series of predictions about what data will be needed, based on previous access patterns, and attackers can exploit this side channel to steal information.
A popular defense against this threat is constant-time programming, which keeps the execution time of an operation independent of its secret inputs by ensuring that the code performs no secret-dependent memory accesses or branches.
The new paper by Chen et al. demonstrates how DMPs often compromise the security of constant-time programming by mixing the contents of memory with pointer values that are used to tell the DMP to load other data.
“We show that even if a victim correctly separates data from addresses following the constant time paradigm, the DMP will generate secret-dependent memory access on behalf of the victim, resulting in a variable time code susceptible to our key extraction attacks,” Chen et al. explained.
An application mounting the GoFetch attack feeds the victim chosen inputs so that intermediate data looks like a pointer value; the DMP treats that value as an address and loads the memory at that location into the cache, and the resulting cache state is observable, so the secret-dependent data leaks through cache side channels.
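To make the constant-time paradigm described above concrete, here is an added example (not code from the GoFetch paper or from any cryptographic library) contrasting a table lookup whose load address depends directly on a secret index with a constant-time version that touches every table entry and selects the wanted one with a bit mask. The 16-entry table and its contents are constructed for illustration and stand in for an S-box or precomputed table inside a cipher. The constant-time version removes the secret-dependent address pattern that classic cache attacks observe; the paper's point, as quoted above, is that a DMP can still turn the values it loads into secret-dependent prefetches when those values resemble pointers, so this discipline alone is not sufficient on affected hardware.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed table standing in for a cipher's S-box or precomputed table. */
#define TABLE_LEN 16
static const uint32_t table[TABLE_LEN] = {
    0x1f3a5c7e, 0x2b4d6f81, 0x3c5e7092, 0x4d6f81a3,
    0x5e7092b4, 0x6f81a3c5, 0x7092b4d6, 0x81a3c5e7,
    0x92b4d6f8, 0xa3c5e709, 0xb4d6f81a, 0xc5e7092b,
    0xd6f81a3c, 0xe7092b4d, 0xf81a3c5e, 0x092b4d6f
};

/* Variable-time lookup: the load address is a function of the secret index,
   so which cache line is touched reveals bits of the secret to a cache
   side-channel observer. */
uint32_t lookup_secret_dependent(uint8_t secret_idx)
{
    return table[secret_idx & (TABLE_LEN - 1)];
}

/* Branch-free equality mask: all ones when a == b, zero otherwise.
   For nonzero x, (x | -x) always has its top bit set, so the shift yields
   1 for "not equal" and 0 for "equal"; subtracting 1 turns that into the mask. */
static inline uint32_t ct_mask_eq(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;
    x = (x | (0u - x)) >> 31;
    return x - 1u;
}

/* Constant-time lookup: every entry is read in the same order on every call,
   and the wanted one is selected with a mask, so neither the sequence of
   memory addresses nor the timing depends on the secret index. */
uint32_t lookup_constant_time(uint8_t secret_idx)
{
    uint32_t wanted = secret_idx & (TABLE_LEN - 1);
    uint32_t result = 0;
    for (uint32_t i = 0; i < TABLE_LEN; i++) {
        result |= table[i] & ct_mask_eq(i, wanted);
    }
    return result;
}

/* Self-check: returns 1 when both lookups agree for every 8-bit index. */
int lookups_agree(void)
{
    for (unsigned i = 0; i < 256; i++) {
        if (lookup_constant_time((uint8_t)i) != lookup_secret_dependent((uint8_t)i)) {
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    printf("lookups agree: %d\n", lookups_agree());
    printf("entry 3: 0x%08x (ct) vs 0x%08x (direct)\n",
           lookup_constant_time(3), lookup_secret_dependent(3));
    return lookups_agree() ? 0 : 1;
}
```

The masked scan costs sixteen loads instead of one, which is the kind of performance trade-off the article discusses below; larger tables scale that cost linearly, which is why developers weigh efficiency against leakage resistance.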
The vulnerability can be exploited when the targeted cryptographic operation is executed on the same CPU cluster as the malicious application.
The authors stated that they will soon release proof-of-concept code that will demonstrate GoFetch's attack path.
A defect in Apple's M-series chips is 'irreparable'
This vulnerability cannot be addressed directly, as it stems from the microarchitectural design of the silicon itself, the article states.
Notably, Intel's Raptor Lake CPU architecture does not share this vulnerability with its M-series counterparts, despite having the same kind of prefetcher as Apple's chips.
This shows that the vulnerability can be addressed by altering the silicon, but this will only be available for future Apple M-series architectures, where the CPU architecture will need to be redesigned.
As a result, current M-series chips exposed to the vulnerability cannot be patched in silicon, and companies using these devices can only attempt to mitigate the potential damage that could occur from a successful exploit using third-party software.
But integrating additional layers of protection into third-party cryptographic software will significantly impact encryption and decryption performance, leaving developers with a difficult choice between efficiency and security.
As of this writing, Apple has not announced a release date for an official fix.