2024-03-22

Key Takeaways

Apple's M-series chips have a hardware flaw that can leak sensitive information through DMPs.

All Apple Silicon Macs are vulnerable until a software fix is applied for the GoFetch exploit.

Researchers suggest drastic solutions like disabling DMPs or using efficiency cores to mitigate risks.

A new research paper has uncovered a significant security vulnerability in Apple's M-series chips, one that is unpatchable from a hardware standpoint. The flaw stems from a hardware feature called a data memory-dependent prefetcher (DMP), which is designed to speed up program execution by predicting and preloading data that may be needed in the future. However, the researchers found that these DMPs can inadvertently leak sensitive information, and that the leakage is rooted in a fundamental flaw in the hardware itself.

If you have an Apple Silicon-based Mac, the only thing you can do is be careful with the software that you run. Until a software fix is applied for GoFetch, the name of the vulnerability, all Apple Silicon Macs are vulnerable. Even then, a software fix, the researchers allege, is very likely to impede the performance of certain cryptographic operations.

How Apple's M-series chips are vulnerable to side-channel attacks

Turns out security is complicated

The problem arises because DMPs can access and prefetch data based on the contents of program memory, even if that data is never directly used by the running software. This undermines a key defense against so-called "side-channel attacks", where an attacker infers secrets by observing subtle effects of a program's execution, such as changes in timing or cache behavior. Many cryptographic algorithms are implemented using "constant-time programming" techniques to avoid leaks like this, but DMPs, at least in Apple's case, can circumvent these defenses.
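To make the "constant-time programming" defense mentioned above concrete, here is an added example (not code from the article or from the GoFetch paper) in C. It contrasts a comparison that exits early on the first differing byte, whose running time depends on the secret, with a constant-time comparison and a branch-free select that always do the same amount of work regardless of the data. The 16-byte tags in main are constructed sample values. Note that, as the article explains, constant-time code of this kind still does not protect against the DMP: it removes timing and cache dependence on the secret, but the prefetcher can act on the secret's value in memory regardless.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Branch-free "equal" mask: all ones if a == b, all zeros otherwise.
 * x | (0 - x) has its top bit set exactly when x != 0. */
static uint32_t ct_mask_eq(uint32_t a, uint32_t b) {
    uint32_t x = a ^ b;
    uint32_t nonzero = (x | (0u - x)) >> 31;   /* 1 if a != b, else 0 */
    return nonzero - 1u;                        /* 0 -> 0xFFFFFFFF, 1 -> 0 */
}

/* Constant-time select: returns a when mask is all ones, b when mask is zero.
 * No branch, so the choice does not show up in timing or branch predictors. */
static uint32_t ct_select(uint32_t mask, uint32_t a, uint32_t b) {
    return (a & mask) | (b & ~mask);
}

/* Leaky comparison, shown only as the "before": it returns as soon as a byte
 * differs, so its running time reveals how long a prefix of the secret matched. */
static int leaky_memeq(const void *pa, const void *pb, size_t n) {
    const uint8_t *a = pa, *b = pb;
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) return 0;
    return 1;
}

/* Constant-time comparison: always touches every byte, folds all differences
 * into one accumulator, and converts it to 0/1 without a data-dependent branch. */
static int ct_memeq(const void *pa, const void *pb, size_t n) {
    const uint8_t *a = pa, *b = pb;
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    /* acc == 0 iff equal; ((acc - 1) >> 8) & 1 is 1 only when acc was 0 */
    return (int)(((uint32_t)acc - 1u) >> 8) & 1;
}

int main(void) {
    /* Constructed 16-byte authentication tags, differing only in the last byte. */
    uint8_t expected[16] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
    uint8_t received[16] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17};

    printf("leaky_memeq: %d, ct_memeq: %d\n",
           leaky_memeq(expected, received, 16), ct_memeq(expected, received, 16));
    printf("ct_select(ct_mask_eq(7, 7), 100, 200) = %u\n",
           ct_select(ct_mask_eq(7, 7), 100, 200));
    return 0;
}
```

Both comparisons return the same answer; the difference is only in what an observer measuring execution time can learn, which is the whole point of the technique.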

In this particular case, the researchers found that DMPs in processors like the Apple M1 are much more indiscriminate than previously believed. They can activate for almost any program and will prefetch any data that looks like a memory address. By carefully crafting program inputs, an attacker can trick the DMP into leaking secret cryptographic data in a way that can be measured from a program running on-device. This works because the DMP treats any cached value that resembles a pointer as an address to prefetch, and that prefetch exposes the value.

Using these techniques, the researchers demonstrated practical attacks against several important cryptographic implementations. They were able to extract secret keys from "constant-time" versions of RSA encryption, Diffie-Hellman key exchange, and even post-quantum cryptography algorithms like CRYSTALS-Kyber and CRYSTALS-Dilithium.

The researchers suggest that processor designers should provide a way to disable DMPs for security-sensitive software as a "drastic solution." There are, however, a few alternatives that may reduce the performance impact.

Using efficiency cores: The DMP does not activate on code running on efficiency cores, meaning that there is no risk of leakage. However, this is likely to be computationally expensive and may also change at any time in the future.

Blinding: Cryptographic blinding techniques can be used to mask sensitive values when storing/loading them from memory. However, this requires custom modifications for each cryptographic implementation vulnerable to DMP attacks, and may significantly degrade performance for certain schemes.

Ad-hoc support: One can build defenses that target individual parts of the attack, though this would leave the root cause, the DMP, unaddressed.
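The blinding option above, masking sensitive values when they are stored to and loaded from memory, can be illustrated with an added C example. This is not code from the article or the GoFetch paper, and it is one simple form of the idea rather than the researchers' concrete schemes: each secret word is held in memory only as secret XOR mask, so the bytes in RAM and in cache never carry the secret's own bit pattern, and the value is unmasked only into a register at the point of use. The secret words and masks in main and in the test are constructed; in real use the masks must come from the operating system's CSPRNG (assumed here to be available to the caller).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define SECRET_WORDS 4

/* A secret held in memory only in masked form: masked[i] = secret[i] ^ mask[i].
 * Neither array on its own reveals the secret; the plaintext word exists only
 * transiently in a register when masked_load_word() is called. */
typedef struct {
    uint64_t masked[SECRET_WORDS];
    uint64_t mask[SECRET_WORDS];
} masked_secret_t;

/* Store under a fresh mask. The mask must be unpredictable (CSPRNG output);
 * the caller supplies it so this example stays platform-independent. */
static void masked_store(masked_secret_t *s, const uint64_t secret[SECRET_WORDS],
                         const uint64_t fresh_mask[SECRET_WORDS]) {
    for (size_t i = 0; i < SECRET_WORDS; i++) {
        s->mask[i] = fresh_mask[i];
        s->masked[i] = secret[i] ^ fresh_mask[i];
    }
}

/* Load one word, unmasking into a value the caller consumes immediately
 * rather than writing back to memory in the clear. */
static uint64_t masked_load_word(const masked_secret_t *s, size_t i) {
    return s->masked[i] ^ s->mask[i];
}

/* Re-mask in place with a new mask, e.g. after each use, so the stored
 * representation keeps changing even though the secret does not. The update
 * goes through the XOR delta so the plaintext word is never written out. */
static void masked_refresh(masked_secret_t *s, const uint64_t fresh_mask[SECRET_WORDS]) {
    for (size_t i = 0; i < SECRET_WORDS; i++) {
        uint64_t delta = s->mask[i] ^ fresh_mask[i];
        s->masked[i] ^= delta;
        s->mask[i] = fresh_mask[i];
    }
}

/* Sanity check for the example: returns 1 if no stored word equals the
 * corresponding plaintext secret word, i.e. the raw secret is not in memory.
 * With any non-zero mask this always holds. */
static int raw_secret_absent(const masked_secret_t *s, const uint64_t secret[SECRET_WORDS]) {
    for (size_t i = 0; i < SECRET_WORDS; i++)
        if (s->masked[i] == secret[i]) return 0;
    return 1;
}

int main(void) {
    /* Constructed secret: two words shaped like user-space addresses, two small ints. */
    uint64_t secret[SECRET_WORDS] = {0x0000000100000000ull, 0x00007fff12345678ull, 3ull, 4ull};
    /* Constructed masks; a real implementation draws these from the OS CSPRNG. */
    uint64_t mask1[SECRET_WORDS] = {0x9e3779b97f4a7c15ull, 0xd1b54a32d192ed03ull,
                                    0x8cb92ba72f3d8dd7ull, 0x1234567890abcdefull};
    uint64_t mask2[SECRET_WORDS] = {0x0123456789abcdefull, 0xfedcba9876543210ull,
                                    0x5555555555555555ull, 0xaaaaaaaaaaaaaaaaull};
    masked_secret_t s;

    masked_store(&s, secret, mask1);
    printf("in memory: 0x%016llx (plaintext 0x%016llx)\n",
           (unsigned long long)s.masked[1], (unsigned long long)masked_load_word(&s, 1));
    masked_refresh(&s, mask2);
    printf("after refresh: 0x%016llx, still loads 0x%016llx, raw absent: %d\n",
           (unsigned long long)s.masked[1], (unsigned long long)masked_load_word(&s, 1),
           raw_secret_absent(&s, secret));
    return 0;
}
```

The limitation the article points to is visible here: masking protects the stored representation, but every place the implementation computes with the secret has to be rewritten to operate on masked values or to unmask only into registers, which is why the fix is per-implementation and costs performance.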

For now, if you own a MacBook, there's not much you can really do about this attack. Aside from being vigilant about the software that you run and installing updates as they arrive, you'll need to wait for Apple to release an update that specifically addresses this DMP exploit. Assuming there's something the company can do about it, cryptographic performance is likely to take a hit.