GoFetch Vulnerability in Apple M-Series Chips Can Lead to Leaked Encryption Keys

Security researchers at several universities have discovered and disclosed a flaw in Apple’s M-series chips found in the latest Macs. Named “GoFetch”, the flaw depends on the chip’s data memory-dependent prefetcher (DMP), a feature typically used to load data into the CPU cache. The researchers reverse-engineered the DMP and found that it could leak sensitive encryption keys under some specific scenarios.

This flaw is the result of chip design, so it is unpatchable. It isn’t necessarily new, as it was previously discovered in 2022. However, this time around, researchers found that the “DMP is significantly more aggressive than previously thought” and were able to demonstrate the attack in real code by loading their own data of the kind the DMP usually looks for. As they explain:

“To exploit the DMP, we craft chosen inputs to cryptographic operations, in a way where pointer-like values only appear if we have correctly guessed some bits of the secret key. We verify these guesses by monitoring whether the DMP performs a dereference through cache-timing analysis. Once we make a correct guess, we proceed to guess the next batch of key bits. Using this approach, we show end-to-end key extraction attacks on popular constant-time implementations of classical (OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption) and post-quantum cryptography (CRYSTALS-Kyber and CRYSTALS-Dilithium).”

There are a lot of technical aspects to this, and the folks at Ars Technica have a deep dive into how it works. Unfortunately, a fix doesn’t seem easy: it would have to be made in the cryptographic software itself, which could result in performance drops. As scary as it might sound, though, this type of attack requires local access to a Mac and could take hours to run. Apple hasn’t responded to requests for comment. You should always keep your Mac and its software updated to help stay protected.
