Researchers have discovered a new side-channel vulnerability in Apple’s M-series processors that they say could be used to extract secret keys from Mac devices when they perform cryptographic operations.
Academic researchers from the University of Illinois Urbana-Champaign, University of Texas at Austin, Georgia Institute of Technology, University of California, University of Washington and Carnegie Mellon University, explained in a research paper that the vulnerability, called GoFetch, was found in the the chips’ data memory-dependent prefetcher (DPM), an optimization mechanism that predicts the memory addresses of data that active code might access in the near future.
Because the data is preloaded, the chip achieves performance gains. However, because the prefetchers make predictions based on previous access patterns, they also create state changes that the attackers can observe and then use to leak sensitive information.
GoFetch risk
The vulnerability is similar to that exploited in Spectre/Meltdown attacks, as they too observed the data the chips had preloaded to improve the performance of the silicon.
The researchers also noted that this vulnerability cannot be patched in principle, as it is derived from the design of the M-chips themselves. Instead of a patch, developers can simply build defense mechanisms into third-party cryptographic software. The caveat to this approach is that it could seriously hinder the performance of the processors for cryptographic operations.
Apple has so far declined to discuss the researchers’ findings, emphasizing that any performance improvements would only be visible during cryptographic operations.
While the vulnerability itself may not affect the regular Joe, a future patch that harms the device’s performance could.
Those interested in reading about GoFetch in depth should read the research paper here.
Through Ars Technica