"Unpatchable" vulnerability found in Apple's silicon

By

Side-channel reveals encryption keys.

A group of US academics has demonstrated a side-channel attack against Apple’s M-series silicon, extracting keys from constant-time encryption processes.

"Unpatchable" vulnerability found in Apple's silicon

The attack, which the researchers dubbed GoFetch, works against “data memory-dependent prefetchers” (DMPs).

DMPs are a hardware optimisation technique which try to prefetch addresses found in program memory. The DMP predicts the memory addresses of data most likely to be accessed by the code that’s running, and the attackers worked out how to influence the data being prefetched, creating the path for a data leak.

In a paper [pdf], they showed that “among other things, the Apple DMP will activate on behalf of any victim program and attempt to ‘leak’ any cached data that resembles a pointer”.

The researchers demonstrated the GoFetch attack against OpenSSL’s Diffie-Hellman key exchange, Go’s RSA decryption, and the post-quantum CRYSTALS-Kyber and CRYSTALS-Dilithium implementations.

GoFetch is limited to local attackers, which constrains its severity but the paper notes that it may require hardware changes to fix.

Apple said there are possible mitigations based on how encryption software is written and provides this advice for developers.

The research was conducted by Boru Chen of the University of Illinois Urbana-Champaign; Yingchen Wang of the University of Texas, Austin; Pradyumna Shome and Daniel Genkin of Georgia Tech; Christopher Fletcher of the University of California, Berkeley; David Kohlbrenner from the University of Washington; and Riccardo Paccagnella of Carnegie Mellon University.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Macquarie Uni to spend up to $700m on 10-year digital transformation

Macquarie Uni to spend up to $700m on 10-year digital transformation

Nissan A/NZ's outsourced cyber incident call centre breached

Nissan A/NZ's outsourced cyber incident call centre breached

Digital ID bill passes parliament

Digital ID bill passes parliament

Macquarie's banking CISO headed to Endeavour Group

Macquarie's banking CISO headed to Endeavour Group

Log In

  |  Forgot your password?