PSA: Apple Silicon chips vulnerable to encryption key theft

Apple Silicon chips have been praised for their performance and efficiency, but recent discoveries have revealed vulnerabilities that could compromise user data security.

The vulnerability, known as the GoFetch attack, exploits a fundamental design issue in Apple’s M-series chips. This has significant implications for data security, especially concerning cryptographic operations and the protection of sensitive information on Apple devices.

GoFetch: A side-channel attack targeting Apple Silicon cryptography

Researchers have identified a vulnerability in Apple Silicon chips related to how they handle cryptographic operations. This vulnerability, known as the GoFetch attack, takes advantage of the Data Memory Dependent Prefetcher (DMP), a hardware optimization feature that predicts memory addresses of data likely to be accessed by running code. By manipulating data to look like pointers, attackers can trick the DMP into fetching sensitive information into the CPU cache, making it accessible to malicious code.

The GoFetch attack can be executed with user-level privileges, making it accessible to third-party macOS applications without requiring root access. It targets both classical encryption algorithms and newer quantum-hardened versions, posing a significant threat to data security on Apple devices. The attack’s efficiency is demonstrated by its ability to extract encryption keys, such as a 2,048-bit RSA key, in less than an hour, highlighting the severity of the vulnerability.

Addressing the GoFetch vulnerability is difficult because it stems from the chip’s fundamental design rather than from a software issue. Mitigations must be implemented by developers of cryptographic software, for example by employing constant-time programming and ciphertext blinding techniques. However, these defenses come with performance penalties, reducing the efficiency of encryption operations on affected chips.
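Ciphertext blinding for RSA, as an added example (not code from the researchers, Apple, or any library): the private-key exponentiation runs on a randomized value instead of the caller-supplied ciphertext, and the random factor is removed afterwards. The toy key and the function names are constructed for illustration, and Python's `pow` is not constant-time, so this shows only the blinding algebra.

```python
import secrets
from math import gcd

# Constructed toy key built from two Mersenne primes; far too small for real use.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def decrypt_plain(c):
    """Unblinded: the private-key operation processes the caller's value directly,
    so whoever chooses c also chooses the data the exponentiation works on."""
    return pow(c, D, N)


def blind(c):
    """Return (c * r^e mod n, r) for a fresh random r that is invertible mod n."""
    while True:
        r = secrets.randbelow(N - 2) + 2  # r in [2, N-1]
        if gcd(r, N) == 1:
            return (c * pow(r, E, N)) % N, r


def decrypt_blinded(c):
    """Blinded: exponentiate c * r^e, then strip r.
    (c * r^e)^d = c^d * r (mod n), so multiplying by r^-1 recovers c^d."""
    c_blind, r = blind(c)
    m_blind = pow(c_blind, D, N)          # operates on a value the caller cannot predict
    return (m_blind * pow(r, -1, N)) % N  # unblind


if __name__ == "__main__":
    message = 0x476F4665746368  # constructed sample plaintext
    ciphertext = pow(message, E, N)
    print(hex(decrypt_plain(ciphertext)), hex(decrypt_blinded(ciphertext)))
    # The same ciphertext yields a different exponentiation input on every call.
    print(blind(ciphertext)[0] != blind(ciphertext)[0])
```

The extra exponentiation `r^e`, the modular inverse and the two multiplications per decryption are the kind of overhead the performance penalty above refers to.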

While immediate mitigations are necessary, long-term solutions require a broader hardware-software approach to account for vulnerabilities like the GoFetch attack. This includes selectively disabling the DMP feature for security-critical applications and enhancing hardware capabilities to mitigate side-channel attacks. Apple and other chip manufacturers are urged to collaborate on robust security measures to safeguard user data effectively.

The GoFetch attack echoes previous chip vulnerabilities like Meltdown and Spectre, highlighting the ongoing challenges in ensuring hardware security. Manufacturers must stay vigilant and proactive in addressing vulnerabilities to maintain user trust and data integrity.

(via ArsTechnica)

About the Author

Asma is an editor at iThinkDifferent with a strong focus on social media, Apple news, streaming services, guides, mobile gaming, app reviews, and more. When not blogging, Asma loves to play with her cat, draw, and binge on Netflix shows.

1 comment

  1. If not for all the issues in the past with Spectre and Meltdown I could give Apple a pass. But even with this being a low potential threat, it is obvious Apple chose performance over security with the Apple silicon even though there is history of this threat being present. Now it's out and Apple faces the same unpopular solution as Intel and AMD did. To fix requires a hit on performance. Just dumb on Apple’s part.