March 25, 2024 at 05:39AM
A new security loophole in Apple M-series chips, called GoFetch, enables extraction of secret keys during cryptographic operations. Exploiting the Data Memory-Dependent Prefetcher (DMP), it targets constant-time cryptographic implementations to access sensitive data. This flaw can’t be fixed in existing Apple CPUs, posing a significant risk and requiring developers to take preventive actions.
From the meeting notes, the key takeaways are the following:
1. A new security vulnerability, named GoFetch, has been discovered in Apple M-series chips that can be exploited to extract secret keys used during cryptographic operations.
2. This vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent prefetcher (DMP) to target constant-time cryptographic implementations and capture sensitive data from the CPU cache.
3. GoFetch builds on the foundations of another microarchitectural attack called Augury that employs DMP to leak data speculatively.
4. The flaw in Apple M-series chips cannot be fixed in existing CPUs, and developers of cryptographic libraries need to take steps to prevent conditions that allow GoFetch to succeed, potentially introducing a performance hit.
5. For Apple M3 chips, enabling data-independent timing (DIT) has been found to disable DMP, but this is not possible on M1 and M2 processors.
6. Another group of researchers has demonstrated a new GPU attack affecting popular browsers and graphics cards that leverages specially crafted JavaScript code in a website to infer sensitive information such as passwords, impacting all operating systems and browsers implementing the WebGPU standard.
7. Countermeasures for the GPU attack include websites seeking users’ permission before accessing the host system’s graphics card.
Additionally, the meeting notes suggest following up with the referenced sources “on Twitter and LinkedIn to read more exclusive content.” If you need further details or assistance in addressing any of these points, please feel free to ask.