A new security flaw discovered in Apple M-series chips could be used to extract keys used during encryption operations.
dubbing Go and get it, this vulnerability is related to a microarchitectural side-channel attack that exploits a feature called the Data Memory Dependent Prefetcher (DMP) to target constant-time encryption implementations and capture sensitive data from the CPU cache. Apple was informed of the findings in December 2023.
A prefetcher is a hardware optimization technology that predicts which memory addresses a currently running program will access in the near future and retrieves data from main memory into the cache accordingly. The goal of this approach is to reduce the memory access latency of the program.
A DMP is a prefetcher that considers memory contents based on previously observed access patterns when deciding what to prefetch. This behavior makes it ripe for cache-based attacks that trick prefetchers into leaking content relevant to the victim’s process that would otherwise be inaccessible.
GoFetch also builds on another micro-architectural attack called Augury, which exploits DMP to speculatively exfiltrate data.
“DMP initiates (and attempts to dereference) data loaded from memory,” said a team of seven academics from the University of Illinois at Urbana-Champaign, the University of Texas, Georgia Institute of Technology, and the University of California, Berkeley. The data ‘looks like’ a pointer,” the University of Washington and Carnegie Mellon University said.
“This is a clear violation of the requirements of the constant-time programming paradigm, which prohibits mixed data and memory access patterns.”
As with other such attacks, this setup requires that the victim and attacker have two different processes on the same computer and the same CPU cluster. Specifically, threat actors may lure targets into downloading malicious applications that exploit GoFetch.
What’s more, although the attacker and victim do not share memory, the attacker can monitor any microarchitectural side channels available, such as cache latency.
In short, GoFetch demonstrates that “even if the victim correctly separates data from addresses by following a constant-time paradigm, DMP generates secret-dependent memory accesses on behalf of the victim,” making it vulnerable to key extraction attacks.
In other words, an attacker can use the prefetcher to influence the prefetched data, thereby opening the door to access sensitive data. This vulnerability has serious implications because it completely eliminates the security protection provided by constant-time programming against timing side-channel attacks.
“GoFetch demonstrates that DMPs are more aggressive than previously thought and therefore pose a greater security risk,” the researchers noted.
The fundamental nature of the flaw means it cannot be fixed in existing Apple CPUs, requiring developers of cryptographic libraries to take steps to prevent conditions that allow GoFetch to succeed, which may also result in performance degradation. On the other hand, users are urged to keep their systems up to date.
However, on the Apple M3 chip, enabling Data Independent Timing (DIT) disables DMP. This is not possible on M1 and M2 processors.
“Apple silicon provides Data Independent Timing (DIT), which allows the processor to complete certain instructions in a constant amount of time,” Apple notes in its filing. “When DIT is enabled, the processor will use longer, worst-case times regardless of input data.” time to complete the instructions.”
The iPhone maker also emphasized that while turning on DIT can prevent time-based leaks, developers are advised to insist on “avoiding conditional branches and memory access locations based on the value of secret data” to effectively prevent adversaries from inferring secrets by paying close attention to the processor microarchitectural status.
Meanwhile, another team of researchers from the Technical University of Graz in Austria and the University of Rennes in France demonstrated a new graphics processing unit (GPU) attack affecting popular browsers and display cards that exploits a specially crafted JavaScript code to infer sensitive information, such as passwords.
The technique requires no user interaction and is described as the first GPU cache side-channel attack from within the browser.
“Because GPU computing can also provide advantages for computing within websites, browser vendors have decided to expose GPUs to JavaScript through APIs such as WebGL and the upcoming WebGPU standard,” the researchers said.
“Despite the inherent limitations of JavaScript and WebGPU environments, we built new attack primitives that enable cache side-channel attacks with effectiveness comparable to traditional CPU-based attacks.”
Threat actors can weaponize drive-by attacks to extract AES keys or mine cryptocurrency while users browse the web. It affects all operating systems and browsers that implement the WebGPU standard, as well as a wide range of GPU devices.
As a countermeasure, the researchers recommend treating browser access to the host system’s graphics card as a sensitive resource, requiring websites to ask for user permission before use (such as a camera or microphone).
