New GoFetch attack on Apple Silicon CPUs can steal crypto keys

Original Source: Bleeping Computer

A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache.

The attack targets constant-time cryptographic implementations using data memory-dependent prefetchers (DMPs) found in modern Apple CPUs. This allows it to recreate the private cryptographic keys for various algorithms, including OpenSSL Diffie-Hellman, Go RSA, CRYSTALS Kyber, and Dilithium from the CPU's cache.

GoFetch was developed by a team of seven researchers from various universities in the U.S., who reported their findings to Apple on December 5, 2023.

However, as this is a hardware-based vulnerability, there is no way to fix it in impacted CPUs. While it would be possible to mitigate the flaws using software fixes, this would cause a performance hit on these CPUs' cryptographic functions.

GoFetch details

The GoFetch attack targets data memory-dependent prefetchers, a CPU feature designed to improve computer performance when executing code.

A prefetcher is trained by previous accesses to memory when retrieving data, allowing it to predict what data the computer will need next. This data is then fetched in advance from slower parts of memory into faster memory regions, like the CPU cache.

If the prediction is accurate, the data is now quickly available, increasing the computer's performance. If the guess was wrong, the CPU simply requests the correct data as usual.

The GoFetch attack focuses on a newer prefetcher called a data memory-dependent prefetcher (DMP). This prefetcher can also be trained on previous memory access, but can also examine data values in memory to determine what should be prefetched to the cache.

DMP is available in Apple silicon chips and Intel's 13th Gen Raptor Lake CPUs. However, the researchers say Intel's implementation is more restrictive and prevents the attack.

The attack focuses on cryptographic implementations that take the same amount of time to execute regardless of the input (constant time), which is a security measure to prevent sensitive data leaks.

Specifically, the researchers found a flaw in Apple's implementation of the DMP system that violates constant-time good practices.

"We reverse-engineered DMPs on Apple m-series CPUs and found that the DMP activates (and attempts to dereference) data loaded from memory that "looks like" a pointer," reads the summary of the attack.

"This explicitly violates a requirement of the constant-time programming paradigm, which forbids mixing data and memory access patterns."

The attackers can craft special inputs that cause the prefetcher to dereference data, which will appear as pointers if certain bits of the secret key are correctly guessed.

Next, they observe whether DMP activates or not, gradually inferring bits of the secret key. With enough repetitions of the process, the entire secret cryptographic key may be reconstructed.

Time to derive full keys
Time to derive full keys (online - live attack, offline - post-processing)

The researchers confirmed the M1 processors are susceptible to this scheme, and considering that M2 and M3 have similar prefetching behavior, they're likely vulnerable too.

More details about the GoFetch attack can be found in the technical paper published by the researchers, with a proof-of-concept exploit being released at a later date.

[embedded content]

What should Apple owners do?

Unfortunately, as the weakness is part of the implementation of the data memory-dependent prefetcher built directly into Apple CPUs, there is no way to mitigate the attack with a hardware fix.

The researchers say it's possible to disable DMP on some CPUs, like the M3, removing the prefetching behavior that GoFetch relies on. However, this is not possible on M1 and M2.

Other defense measures for developers include input blinding and DMP activation masking, which obfuscate the results of the attacker's input on the DMP level.

While Apple could introduce mitigations into macOS as a software patch, it would cause performance hits, as we saw in previous software fixes for side-channel attacks.

As an Apple user, there is not much you can do other than practice safe computing habits. That means regularly updating your operating system and software and only installing software from official channels and reputable sources to prevent malware infections.

The GoFetch attack does not require physical access for exploitation, so if the attacker can run code on the target machine, for example, via malware infection, it can be executed remotely.

BleepingComputer has contacted Apple to request a comment on the GoFetch danger and whether it plans to roll out security updates, but a spokesperson was limited to sharing a developer page outlining a mitigation.

Source URL:

Author: Bill Toulas

Leave a Comment