Flaw in Macs with Apple Silicon leaves encryption keys vulnerable

2024-03-21 21:35:51

A new vulnerability, named GoFetch, has been discovered in the Apple Silicon processors used in Macs. The flaw allows encryption keys to be extracted from the system and is caused by an error in the microarchitecture of the chip itself. To make matters worse, mitigating the vulnerability, which cannot be directly corrected, could lead to a decrease in computer performance.

The attack can occur when the cryptographic operations and the malicious application (which needs only conventional system permissions) are running on the same cluster of the processor. More specifically, as highlighted by Ars Technica, the threat lies in the data memory-dependent prefetcher, known as DMP.

DMP is a memory optimization that predicts the memory addresses of data that code will use in the near future. By loading that content into the processor before it is used, it reduces the latency between memory and the chip, a common bottleneck in current computers.

This mechanism is relatively new, being found only in the microarchitecture of Apple’s M line processors and in the 13th generation of Intel chips, Raptor Lake. Other forms of prefetchers, however, have been quite common for a few years.

Experts had already warned that these components create a side channel through which malicious processes can obtain secret material from cryptographic operations by observing changes in the state of access patterns. In response, so-called constant-time programming was created, which guarantees that operations take the same amount of time and keeps the code free of secret-dependent memory accesses.

GoFetch

The key finding of the GoFetch research is a previously overlooked behavior of Apple Silicon DMPs: they sometimes confuse memory contents with pointer values used to load other data. As a result, the DMP reads the data and treats it as an address from which to access memory.

This “dereferencing” of pointers, which reads the data and leaks it through a side channel, violates the constant-time paradigm and opens the way for crackers to exploit the component. Such attackers can, as the researchers who discovered the vulnerability did, manipulate intermediate data in the encryption algorithm so that it looks like a pointer.

The DMP then sees that this data value “looks like” an address and brings the data at that supposed address into the cache, leaking it. The fact that intermediate data is visible through a cache channel is enough to reveal the key over time.

By supplying input data that is mixed with the cryptographic keys, for example, the resulting intermediate state can be made to look like a pointer. Through “dereferencing”, a cracker could also infer information about protected data by monitoring the behavior of the DMP, violating constant-time guarantees and, consequently, the security of cryptographic implementations.

The attack uses a malicious app that does not require root access and runs with the same permissions as most apps. As long as the app carrying GoFetch is in the same processor cluster (a grouping of cores) as the targeted app, even on different cores, it can gather enough secrets to arrive at a key.

GoFetch works against both older and more modern algorithms, including those hardened against quantum computers. The attack is able to extract a 2048-bit RSA key in less than an hour, and a Diffie-Hellman key in just over two hours, excluding offline processing time.

By connecting to the targeted app and feeding it data to be signed or decrypted, the tool can extract the secret key used to perform cryptographic operations. In other words, it is not even necessary for the app in question to be carrying out such operations at the time of the attack.

It is worth noting that this is not the first time that the DMP has been exploited. In 2022, another vulnerability was exploited in the M1 and A14 Bionic, with the identification of a memory side channel that leaked pointers. With constant-time practices, however, this loophole could no longer be used, which gave the false impression that the DMP did not pose a threat.

GoFetch, however, proved that the DMP can still be exploited and that it is significantly more aggressive. Any value loaded from memory can be dereferenced, which overcomes several of the limitations of the previous vulnerability and demonstrates the existence of end-to-end attacks on constant-time code.

Correction difficulties

Because the problem lies in the chip’s microarchitecture, the vulnerability cannot be corrected; it can only be mitigated through the system code that communicates with the hardware. In addition to constant-time programming, other defenses are needed, almost all of which have a negative impact on the Mac’s performance.

One of the most effective is ciphertext blinding, which adds masks to and removes masks from sensitive data as it is loaded from or stored in memory. As a result, the internal state of cryptographic algorithms is randomized, preventing the attacker from controlling the values placed in memory and, thus, neutralizing attacks.

This technique, however, doubles the processing resources required in the case of some keys, potentially making its use unfeasible. It would also be possible to run cryptographic tasks on the chips’ efficiency cores, which do not have DMP, although this should also mean an increase in processing time. Other defenses also have considerable downsides.
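The blinding defense described above, worked through for RSA decryption as an added example (not code from the researchers, Apple or any library). It uses the standard RSA blinding construction; the toy key built from two Mersenne primes and all function names are constructed for illustration.

```python
import secrets
from math import gcd

# Constructed toy RSA key from two Mersenne primes (illustration only, not a real key).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def decrypt_plain(c):
    """Unblinded: the private-key operation works directly on the caller-chosen c."""
    return pow(c, D, N), c  # (plaintext, value fed to the secret exponentiation)

def decrypt_blinded(c):
    """Blinded: a fresh random mask r hides c from the private-key operation."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:  # the mask must be invertible mod N
            break
    masked = (c * pow(r, E, N)) % N      # add the mask: c * r^e
    m_masked = pow(masked, D, N)         # secret operation yields m * r
    m = (m_masked * pow(r, -1, N)) % N   # remove the mask
    return m, masked

def demo(rounds=20):
    """Decrypt the same chosen ciphertext repeatedly and compare what the key sees."""
    message = 424242
    c = pow(message, E, N)
    plain_inputs = {decrypt_plain(c)[1] for _ in range(rounds)}
    blinded = [decrypt_blinded(c) for _ in range(rounds)]
    masked_inputs = {masked for _, masked in blinded}
    all_correct = all(m == message for m, _ in blinded)
    return len(plain_inputs), len(masked_inputs), all_correct

if __name__ == "__main__":
    # Python's pow() is not constant-time; this shows the arithmetic only.
    print(demo())
```

Without blinding, every call operates on the same caller-chosen value; with blinding, each call operates on a different random-looking value while still returning the correct plaintext, at the cost of the extra exponentiation and inversion per operation.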

On the M3 chip, a tool has been added that allows developers to disable DMP, but the impact of this on performance is not yet known. In the case of Intel chips with DMP, these key leakage problems were not encountered.

Importantly, these performance decreases occur only when running certain cryptographic operations, and not in other types of apps. For the researchers, the ideal is for software to offer an option to disable DMP when using apps that are more critical in terms of security, including finer adjustments in this area.

Apple has not commented on GoFetch. The researchers claimed to have informed the company about the vulnerability in December last year, before publicly disclosing the breach.

via AppleInsider
