"Unpatchable" vulnerability found in Apple's silicon

By

Side-channel reveals encryption keys.

A group of US academics has demonstrated a side-channel attack against Apple’s M-series silicon, extracting keys from constant-time encryption processes.

"Unpatchable" vulnerability found in Apple's silicon

The attack, which the researchers dubbed GoFetch, works against “data memory-dependent prefetchers” (DMPs).

DMPs are a hardware optimisation technique which try to prefetch addresses found in program memory. The DMP predicts the memory addresses of data most likely to be accessed by the code that’s running, and the attackers worked out how to influence the data being prefetched, creating the path for a data leak.

In a paper [pdf], they showed that “among other things, the Apple DMP will activate on behalf of any victim program and attempt to ‘leak’ any cached data that resembles a pointer”.

The researchers demonstrated the GoFetch attack against OpenSSL’s Diffie-Hellman key exchange, Go’s RSA decryption, and the post-quantum CRYSTALS-Kyber and CRYSTALS-Dilithium implementations.

GoFetch is limited to local attackers, which constrains its severity but the paper notes that it may require hardware changes to fix.

Apple said there are possible mitigations based on how encryption software is written and provides this advice for developers.

The research was conducted by Boru Chen of the University of Illinois Urbana-Champaign; Yingchen Wang of the University of Texas, Austin; Pradyumna Shome and Daniel Genkin of Georgia Tech; Christopher Fletcher of the University of California, Berkeley; David Kohlbrenner from the University of Washington; and Riccardo Paccagnella of Carnegie Mellon University.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Services Australia's sweeping security uplift plans for myGov

Services Australia's sweeping security uplift plans for myGov

Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach

Northern Beaches Council reviews security stack to shore up widening perimeter

Northern Beaches Council reviews security stack to shore up widening perimeter

CrowdStrike rejects Delta Air Lines claims over outage

CrowdStrike rejects Delta Air Lines claims over outage

Log In

  |  Forgot your password?