Academic researchers have identified a new vulnerability within Apple’s M-series chips that could allow attackers to extract cryptographic keys from Mac devices.
According to technology blog Ars Technica, this flaw is deeply rooted in the microarchitectural design of the silicon, rendering it impossible to rectify through conventional software patches. Instead, mitigating this risk necessitates modifications to third-party encryption software, which may adversely affect the performance of cryptographic operations, particularly on the earlier M1 and M2 chip models.
Mitigation efforts and the challenges
The vulnerability exploits the data memory-dependent prefetcher (DMP), a hardware optimization in Apple’s silicon that aims to improve computing efficiency by preloading anticipated data into the CPU cache. However, this feature inadvertently creates a side channel that could be leveraged to access and leak cryptographic keys. The exploit, dubbed GoFetch by the researchers, is notable for its ability to mine secrets without requiring elevated system privileges, only necessitating the same level of access as most third-party applications on macOS.
GoFetch has been demonstrated to be effective against a range of encryption standards, including those designed to withstand future quantum computing threats. The attack’s efficacy is showcased through its capability to extract various types of cryptographic keys within feasible timeframes, presenting a tangible threat to data security.
Addressing this vulnerability is complex due to its hardware basis. Among the proposed countermeasures is ciphertext blinding, although this method is specific to certain algorithms and could double the computing resources required for processes like Diffie-Hellman key exchanges. Alternatively, running cryptographic operations on the M-series’ efficiency cores, which lack DMP, has been suggested, though this, too, comes with limitations.
This vulnerability highlights the challenges of securing cryptographic operations against microarchitectural side channels. The research team has called for a collective approach to the hardware-software interface to better protect against such vulnerabilities, suggesting mechanisms for selectively disabling the DMP during critical security operations.
