Hardware-level Apple Silicon vulnerability can leak cryptographic keys

March 22, 2024 at 11:06AM

A new side-channel vulnerability, GoFetch, has been discovered in Apple Silicon processors, allowing malicious apps to extract cryptographic keys by exploiting the data memory-dependent prefetcher (DMP). The vulnerability affects Apple M1, M2, and M3 chips, as well as Intel’s 13th Gen Raptor Lake microarchitecture. Disabling the DMP may degrade performance, and third-party cryptographic programs may offer potential fixes. Apple’s response is not fully disclosed.

GoFetch is a new side-channel vulnerability found in Apple Silicon processors, such as the M1, M2, and M3 chips, as well as in 13th generation and newer Intel architectures. The vulnerability arises from the way processors equipped with data memory-dependent prefetchers (DMPs) implement certain cryptographic operations, enabling malicious apps to extract cryptographic keys.

The researchers successfully mounted end-to-end attacks on Apple hardware containing M1 processors and found similar exploitable behavior in base-model M2 and M3 Apple Silicon CPUs. While Intel processors, specifically the 13th Gen Raptor Lake microarchitecture, also feature a DMP, their activation criteria are more restrictive, making them less susceptible to these attacks.

As for potential fixes, the DMP can be disabled on M3 CPUs but not on M1 and M2 chips, and doing so is likely to seriously degrade performance. The alternative is to rely on third-party cryptographic programs to harden their implementations so that the attacks do not succeed. Similar fixes are noted to be available for Intel chips.

Apple’s plans in response to the vulnerability are not immediately clear. Apple did acknowledge the research and pointed to developer documentation on how to implement mitigations, which it admitted will degrade CPU performance.

In summary, the affected chips include Apple’s M1, M2, and M3 processors, as well as 13th generation and newer Intel architectures. Potential fixes involve disabling the DMP, relying on third-party cryptographic programs to harden their implementations, or awaiting action from Apple to address the vulnerability.
