The newly exposed GoFetch vulnerability affecting Apple M1, M2 and M3 chips allows an attacker to extract secret keys from cryptographic applications on a target system. The exploit works by running a rogue process on the same CPU cluster as the target process on the target machine. There is currently no simple mitigation for this vulnerability, as it resides in the hardware.
What is the vulnerability of GoFetch?
GoFetch is a cache side channel vulnerability. This type of vulnerability targets a particular cache of the system by analyzing secondary data.
Apple silicon chips M1, M2, and M3 have a Data Memory-Dependent Prefetcher, which is a hardware part of the chip responsible for predicting the memory addresses of data that is likely to be accessed by code executed on the chip. the computer in the near future and store them in a cache. However, DMPs, unlike classic prefetchers that only store the memory access pattern, “also take into account the contents of the data memory directly to determine what to prefetch,” as written in the post by Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher W. Fletcher, David Kohlbrenner, Riccardo Paccagnella and Daniel Genkin that reveals all the details about the GoFetch vulnerability.
The DMP has behavior that makes the GoFetch vulnerability possible: it sometimes confuses the contents of memory with the value of the pointer used to load other data. As the researchers explained, the GoFetch vulnerability can be exploited by creating “chosen inputs for cryptographic operations, in a way where pointer-like values only appear if we have correctly guessed some bits of the secret key.” Therefore, by repeating those operations on different bits, it is possible to guess all the bits of a secret key.
Tests carried out by the researchers showed that it was possible to extract keys from popular encryption products (OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption), but also from post-quantum cryptography such as CRYSTALS-Kyber and CRYSTALS-Dilithium. However, the researchers wrote that “while we demonstrated end-to-end attacks on four different cryptographic implementations, it is likely that more programs are at risk given similar attack strategies.”
What is a cache side channel vulnerability?
Imagine you have a locked safe whose code you don't know, but you know that the sound the dial makes when you turn it changes depending on which number you are on. So you listen carefully to the sound the dial makes when you turn it, and you can figure out the combination that way, even if you don't know the actual numbers.
A side channel attack works in a similar way. Instead of trying to break the encryption directly, an attacker looks for other clues that might reveal the secret information. For example, they could use a device to measure the amount of power a computer uses while performing encryption operations. By analyzing patterns in power usage, they can discover the key that was used to encrypt the data, even if they don't know the algorithm. This can be a very effective way to bypass security measures and gain access to sensitive information.
What are the mandatory conditions for successful exploitation of the GoFetch vulnerability?
To successfully exploit the GoFetch vulnerability, an attacker must first be able to execute code with the privileges of the logged in user, meaning the target computer has already been compromised. The exploit code used by the attacker must then be executed as a process running on the same CPU cluster of the target machine.
“These conditions are not so impossible, unfortunately malware proves it every day. No special privileges are needed,” said Fred Raynal, CEO of Quarkslab, a French offensive and defensive security company, in a written interview with TechRepublic.
Raynal added: “On OS You can, but a popup window appears. With this attack, there are no pop-ups. It is completely invisible and no additional privileges are needed to access data between two processes.”
What systems are vulnerable to GoFetch?
Apple computers that have the M1, M2, or M3 chip are vulnerable to GoFetch. There is a difference on the M3 because turning off the independent data sync bit disables the DMP, which is not possible on the M1 and M2.
The researchers noted that a similar DMP exists on Intel's latest 13th generation architecture (Raptor Lake), but with more restrictive activation criteria, making it resistant to the GoFetch vulnerability. Additionally, like the M3 chip, Raptor Lake processors can disable DMP using the data operand-independent sync bit.
GoFetch Threat Mitigation
According to the researchers, disabling DMP would incur heavy performance penalties and is probably not possible on M1 and M2 CPUs.
Cryptographic techniques similar to blinding could be applied. “For example, by instrumenting the code to add/remove masks to sensitive values before/after being stored/loaded from memory,” the researchers explain. However, a major disadvantage of this approach is that it requires potentially custom code changes for DMP in each cryptographic implementation, as well as heavy performance penalties for some cryptographic schemes.
It is also possible to only run all cryptographic code on Icestorm cores, since DMP is not enabled on them. However, this solution would greatly reduce performance and there is a risk that in the future DMP will also be silently enabled on those cores.
DOWNLOAD: TechRepublic Premium Quick Glossary of Cybersecurity Countermeasures
Therefore, hardware support appears to be the long-term solution, as the researchers write:
“In the long term, we believe that the correct solution would be to extend the hardware and software contract to take into account the DMP. At a minimum, the hardware should expose to the software a way to selectively disable the DMP when running security-critical applications. This already has an emerging precedent in the industry. For example, Intel's DOIT extensions specifically mention disabling their DMP through an ISA extension. In the longer term, more fine-grained control would be ideal, for example to restrict the DMP to only prefetch specific buffers or designated non-sensitive memory regions.”
The best protection for now remains to prohibit remote code execution on the vulnerable computer so that an attacker cannot exploit GoFetch, as with any other type of malicious code. Therefore, it is highly recommended to always keep hardware, systems and software updated and patched to avoid being compromised by any malware or attacker who may then execute a GoFetch exploit.
Additionally, users should not be allowed to install any software from untrusted third parties; They should also be wary of phishing emails that could contain malicious code or links to malicious code.
Divulgation: I work for Trend Micro, but the opinions expressed in this article are my own.
