March 22, 2024 at 07:54AM
A team of US researchers revealed a new side-channel attack named GoFetch, targeting Apple CPUs to extract secret encryption keys. By exploiting a hardware optimization, they inferred keys through specially crafted inputs and demonstrated successful attacks on various cryptographic implementations. The findings were reported to Apple and other developers for investigation and potential mitigations.
The researchers' GoFetch attack targets systems powered by Apple CPUs. It enables the extraction of secret encryption keys from constant-time cryptographic implementations and requires local access to the targeted system.
The attack exploits a hardware optimization called the data memory-dependent prefetcher (DMP) and infers secret keys by monitoring the DMP's behavior. The researchers successfully demonstrated end-to-end key extraction attacks against various cryptographic implementations.
The attack was conducted against Apple M1 processors and may also apply to M2 and M3 processors. It was reported to Apple, OpenSSL, Go Crypto, and CRYSTALS developers in December 2023. Fully addressing the issue is difficult, however: the proposed countermeasures involve hardware changes or mitigations that impact performance.
Apple is currently investigating the issue, and the researchers have published a paper detailing their work, with plans to release proof-of-concept (PoC) code, as well as a video demonstrating the key extraction exploit.
This development underscores the significance of addressing potential vulnerabilities in systems powered by Apple CPUs and the importance of implementing effective countermeasures to mitigate such side-channel attack methods.