GoFetch Side-Channel Attack Impact Apple CPUs: Attackers Steal Secret Keys

Researchers have unveiled a new class of microarchitectural side-channel attacks that pose a severe threat to the security of Apple CPUs.

The attack, GoFetch, exploits the Data Memory-dependent Prefetchers (DMPs) in modern processors to extract secret cryptographic keys from constant-time cryptographic implementations.

Understanding the GoFetch Attack

The GoFetch attack is based on a new understanding of how DMPs behave.

Researchers have found that DMPs can be activated by any program and attempt to dereference any data brought into the cache that resembles a pointer.

This behavior places a significant amount of program data at risk and challenges the previously believed restrictions reported by prior work.

The cornerstone defense against side-channel attacks has been to ensure that security-critical programs do not use secret-dependent data as addresses.

However, the GoFetch attack demonstrates that attackers can bypass these defenses by exploiting the DMP to perform end-to-end key extraction on popular constant-time implementations of classical and post-quantum cryptography.

Reverse Engineering Apple and Intel DMPs

Researchers have reverse-engineered the DMP found on Apple CPUs and discovered new activation criteria.

They have also confirmed the existence of a similar DMP on Intel’s latest 13th generation (Raptor Lake) architecture, albeit with more restrictive activation criteria.

The researchers developed a new type of victim-agnostic chosen-input attack and associated attack primitives that do not require the attacker and victim to share memory.

They used these techniques to mount a proof-of-concept attack on constant-time swap operations.

Binni Shah recently tweeted about a new side-channel attack that exploits data memory-dependent prefetchers.

This attack leverages the timing behavior of memory access patterns to leak sensitive information from a victim process.

Disclosure and Industry Response

The findings were disclosed to Apple, OpenSSL, Go Crypto, and the CRYSTALS team.

Apple is investigating the proof of concept, while OpenSSL reported that local side-channel attacks fall outside their threat model.

The Go Crypto team considers the attack low severity, and the CRYSTALS team suggested pinning to the Icestorm cores without DMP as a short-term solution, with hardware fixes needed in the long term.

Implications for Processor Design

The GoFetch attack has shaken the foundations of modern processor design, calling into question the security of data memory-dependent prefetchers.

The discovery highlights the need to reevaluate current defenses and develop new strategies to protect against such microarchitectural side-channel attacks.

The above figure compares memory access patterns and subsequent prefetches, illustrating the activation pattern reported by Augury and the new findings that show DMP activations even when the training array contains non-pointer values.

The GoFetch attack is a stark reminder of the evolving landscape of cybersecurity threats and the continuous arms race between attackers and defenders.

As processors become more complex, the potential for such vulnerabilities increases, necessitating vigilant research and proactive defense mechanisms to secure our digital infrastructure.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.