Researchers unearthed a significant vulnerability lurking within Apple’s M-1 and M-2 chips, potentially exposing a chink in the armor of the tech giant’s acclaimed security infrastructure. Dubbed “GoFetch,” this exploit targets the microarchitecture of Apple’s chips, exploiting a flaw that could unravel the secrecy of cryptographic operations.
GoFetch Attack Explained
At its core, GoFetch operates as a microarchitectural side-channel attack, capitalizing on a feature known as the data memory-dependent prefetcher (DMP) to grab secret keys utilized during cryptographic operations. Prefetchers, an integral component of hardware optimization, predict and retrieve data into the cache from main memory, aiming to mitigate program memory access latency. However, DMP, a variant of prefetchers, evaluates memory contents based on past access patterns, paving the way for cache-based assaults.
GoFetch has been discovered by a collaborative team of academics from prestigious institutions like the University of Illinois Urbana-Champaign and Carnegie Mellon University. The modus operandi of GoFetch hinges on the proximity of victim and attacker processes sharing the same CPU cluster, opening avenues for exploitation through banal means, such as making victims download malicious applications. Even in scenarios where memory is not shared, the attacker can exploit microarchitectural side channels, such as cache latency, to orchestrate covert data extraction.
The impact of GoFetch is large, exposing vulnerabilities within constant-time programming and leaving cryptographic operations vulnerable to key extraction. Addressing this flaw presents a formidable challenge, with current Apple CPUs unable to provide a direct fix. Consequently, it demands a collaborative endeavor from cryptographic library developers to bolster defenses against potential breaches.
As GoFetch casts a shadow over Apple’s M1 and M2 processors, the introduction of M3 chips brings a glimmer of hope with the implementation of data-independent timing (DIT). This feature, available on M3 chips, serves as a defense mechanism against timing-based vulnerabilities, although it may lead to a slight performance trade-off.
GPU Cache Side-Channel Attack Also Discovered
However, amidst the discourse surrounding GoFetch, the cybersecurity sphere faces another challenge arising from web browsing. Discovered by researchers at Graz University of Technology and the University of Rennes, a GPU cache side-channel attack has also emerged, capable of covertly harvesting sensitive data from unsuspecting internet users.
This new attack technique, using JavaScript code on websites, marks a big change in cyber threats. It goes beyond the usual CPU-based attacks we’re used to. As web browsers start using GPU computing more with technologies like WebGL and WebGPU, the risk to users on different systems and browsers goes up a lot.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: