Security researchers have discovered a serious vulnerability in Apple’s M-series chips that could allow attackers to steal encryption keys from Macs. This critical flaw, dubbed “GoFetch,” affects how the chip prefetches data and can be exploited by malicious applications to extract secret keys used for various cryptographic operations.
What is the Vulnerability?
The vulnerability resides in a hardware optimization feature called a data memory-dependent prefetcher (DMP). This chip feature aims to speed up performance by predicting the memory addresses the code will likely need next. However, researchers have identified a way to manipulate the DMP into revealing secret keys.
“The breakthrough of the new research is that it exposes a previously overlooked behavior of DMPs in Apple silicon,” explained the research team in an email. “Sometimes they confuse memory content, such as key material, with the pointer value that is used to load other data. As a result, the DMP often reads the data and attempts to treat it as an address to perform memory access.”
Why is This Important?
Encryption keys are crucial for safeguarding sensitive data. If attackers can steal these keys, they can potentially decrypt your files, emails, and other confidential information. This vulnerability is particularly concerning because it affects a wide range of cryptographic protocols, including those used for everyday tasks like secure browsing and online transactions.
Is There a Fix?
Unfortunately, the vulnerability cannot be patched directly on the chip itself because it stems from the hardware design. The onus falls on software developers to implement workarounds in their code. These workarounds, such as ciphertext blinding, can significantly slow down cryptographic operations.
What Can You Do?
Keep an eye out for software updates that address the GoFetch vulnerability.
Be aware that other cryptographic protocols may also be susceptible.
Due to the manual process of identifying vulnerable applications, exercising caution is recommended until a permanent solution is implemented.
The Future of M-Series Chip Security
Researchers believe a long-term solution lies in a broader hardware-software collaboration. “Longer term, we view the right solution to be to broaden the hardware-software contract to account for the DMP,” they wrote. “At a minimum, hardware should expose to software a way to selectively disable the DMP when running security-critical applications.”
Apple has not yet commented on the GoFetch research, but hopefully, a permanent fix will be addressed in future chip iterations.