A team of researchers from the United States has successfully executed a side-channel attack against Apple’s M-series silicon, revealing a vulnerability in the constant-time encryption processes employed by the company.
This attack method allows adversaries to extract encryption keys, compromising the security of sensitive data stored on devices powered by Apple’s M-series chips. The demonstration underscores the importance of robust security measures and highlights the ongoing efforts required to mitigate potential threats to cryptographic systems.
The attack, named GoFetch by the researchers, targets the “data memory-dependent prefetchers” (DMPs) in Apple’s M-series silicon. By steering the prefetcher, an attacker can recover sensitive data, including encryption keys, through a side channel, circumventing the constant-time protections the software relies on.
Data memory-dependent prefetchers (DMPs) are a hardware optimization technique designed to improve performance by predicting and prefetching memory addresses likely to be accessed by running code. These prefetchers operate by speculatively fetching data into cache before it is actually needed, based on patterns observed in program memory access. In the case of the GoFetch attack, researchers discovered a method to manipulate the data being prefetched by influencing the behavior of DMPs. By exploiting this vulnerability, attackers can control the prefetching process and extract sensitive information, such as encryption keys, through side-channel attacks.
In their paper, the researchers demonstrated that the Apple Data Memory Prefetcher (DMP) can be triggered by any program, even those unrelated to the targeted victim program. Once activated, the DMP attempts to prefetch and leak cached data that resembles a memory pointer. This behavior exposes a potential security vulnerability, as attackers can exploit the DMP’s indiscriminate prefetching to access sensitive information stored in memory, including encryption keys.
The researchers showcased the effectiveness of the GoFetch attack against several cryptographic implementations, including OpenSSL’s Diffie-Hellman key exchange, Go’s RSA decryption, and the post-quantum algorithms CRYSTALS-Kyber and CRYSTALS-Dilithium. The range of targets shows that the attack is not tied to one library, language, or encryption scheme.
While GoFetch is limited to local attackers, which reduces its severity to some extent, the paper underscores that fully addressing the vulnerability may require hardware changes. Modifying the underlying hardware architecture is a significant challenge, which makes an effective fix for deployed devices difficult.
Apple has advised developers to consider possible mitigations for the GoFetch attack based on how encryption software is written. Following this guidance can strengthen the encryption processes used in applications and reduce the likelihood of key extraction through side-channel attacks like GoFetch.
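One software-level countermeasure of the kind the guidance above refers to is blinding: because GoFetch relies on attacker-chosen inputs steering secret-dependent intermediate values, folding a fresh random value into the input before the private operation takes that control away. The following is an added illustration written for this article, not code from Apple, the researchers, or any affected library, and it uses a constructed toy RSA key (p=61, q=53) that is far too small for real use.

```python
from math import gcd
import secrets


def toy_key():
    """Constructed toy RSA key for illustration only: p=61, q=53."""
    n, e, d = 3233, 17, 2753
    return n, e, d


def rsa_private_op(c: int, d: int, n: int) -> int:
    """Unblinded RSA private operation (the 'before' reference).

    Every intermediate value inside pow() is a deterministic function of the
    attacker-supplied ciphertext c and the secret exponent d, so a chosen c can
    steer those intermediates toward whatever value the attacker wants to test.
    """
    return pow(c, d, n)


def rsa_private_op_blinded(c: int, d: int, e: int, n: int) -> int:
    """RSA private operation with multiplicative base blinding.

    A random r coprime to n is folded into the ciphertext (c * r^e mod n) before
    exponentiation, so the intermediates of pow() now depend on r, which the
    caller never sees. The blinding factor is removed afterwards with r^-1 mod n,
    so the returned plaintext is identical to the unblinded result.
    """
    while True:
        r = secrets.randbelow(n - 2) + 2  # 2 <= r < n
        if gcd(r, n) == 1:
            break
    r_inv = pow(r, -1, n)  # modular inverse, Python 3.8+
    c_blind = (c * pow(r, e, n)) % n
    m_blind = pow(c_blind, d, n)
    return (m_blind * r_inv) % n


def demo() -> tuple:
    """Encrypt a small message with the toy key and decrypt it both ways."""
    n, e, d = toy_key()
    m = 65
    c = pow(m, e, n)  # 2790 with the toy key
    return c, rsa_private_op(c, d, n), rsa_private_op_blinded(c, d, e, n)


if __name__ == "__main__":
    print(demo())
```

Blinding does not change what the function computes, only which intermediate values appear in memory during the computation, which is the property a chosen-input attack depends on.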
The team behind the research on the GoFetch attack comprises researchers from multiple academic institutions, including the University of Illinois Urbana-Champaign, the University of Texas, Austin, Georgia Tech, the University of California, Berkeley, the University of Washington, and Carnegie Mellon University.