Tech | Visa | Scholarship/School | Info Place

New GoFetch vulnerability in Apple M chips leads to key leaks on infected computers

The newly exposed GoFetch vulnerability affects Apple M1, M2 and M3 chips and allows attackers to steal keys from encrypted applications on the target system. The vulnerability is exploited by running a rogue process on the same CPU cluster as the target process on the target computer. Because the vulnerability exists in hardware, there is currently no simple mitigation.

What is the GoFetch vulnerability?

GoFetch is a cache side-channel vulnerability. Such vulnerabilities target specific caches in the system by analyzing auxiliary data.

The M1, M2, and M3 Apple chips have a data memory-dependent prefetcher, which is the hardware part of the chip that is responsible for predicting the memory addresses of data that code running on the computer may access in the near future and storing it in cache. . However, in contrast to classic prefetchers that only store memory access patterns, DMP “also directly considers the contents of data memory to determine what to prefetch,” as written in a publication by Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher W . Fletcher, David Kohlbrenner, Riccardo Paccagnella and Daniel Genkin reveal all the details about the GoFetch vulnerability.

One behavior of DMP that can lead to GoFetch vulnerabilities: it sometimes confuses memory contents with pointer values ​​used to load other data. As the researchers explain, the GoFetch vulnerability can be exploited by crafting “selected inputs to a cryptographic operation such that a pointer-like value only appears when we correctly guess certain bits of the key.” Therefore, by repeating these operations for different bits, it is possible to guess all the bits of the secret key.

Tests conducted by the researchers have shown that keys can be extracted from popular encryption products (OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption), as well as from post-quantum cryptography (such as CRYSTALS-Kyber and CRYSTALS-Dilithium). key. However, the researchers wrote, “While we demonstrate end-to-end attacks on four different encryption implementations, more programs may be at risk given similar attack strategies.”

What is a cache side-channel vulnerability?

Imagine you have a locked safe and you don’t know the combination, but you know that the sound you make when you turn the dial changes depending on which number you’re on. So, you listen carefully to the sound it makes when you turn the dial, and you can figure out the combination that way, even if you don’t know the actual numbers.

Side-channel attacks work similarly. Instead of trying to break the encryption directly, attackers look for other clues that could reveal the secret information. For example, they might use a device to measure how much power a computer uses when performing cryptographic operations. By analyzing power usage patterns, they can figure out the keys used to encrypt data, even if they don’t know the algorithm. This can be a very effective way to bypass security measures and access sensitive information.

What are the prerequisites for successfully exploiting the GoFetch vulnerability?

To successfully exploit the GoFetch vulnerability, an attacker first needs to be able to run code with the logged-in user’s rights, which means the target computer has already been compromised. The exploit code used by the attacker must then execute as a process running on the same CPU cluster as the target computer.

“These scenarios are not impossible, and unfortunately, malware proves this every day. No special privileges are required,” Fred Raynal, CEO of French offensive and defensive security company Quarkslab, said in a written interview with TechRepublic.

Raynal added: “On OS No additional permissions are required to access data between the two processes.”

Which systems are vulnerable to GoFetch?

Apple computers with M1, M2, or M3 chips are vulnerable to GoFetch. There is a difference on M3 because disabling the data independent timing bit disables DMP, which is not possible on M1 and M2.

Researchers pointed out that a similar DMP exists on Intel’s latest 13th generation (Raptor Lake) architecture, but with stricter activation standards, making it resistant to GoFetch vulnerabilities. Additionally, similar to the M3 chips, Raptor Lake processors can disable DMP through the use of data operand independent timing bits.

GoFetch Threat Mitigation

Researchers say disabling DMP results in severe performance penalties and is unlikely to be possible on M1 and M2 CPUs.

Techniques like cryptographic blinding can be applied. “For example, by instrumenting the code to add/remove masks of sensitive values ​​before/after storing/loading from memory,” the researchers explained. However, a major drawback of this approach is that it requires potential DMP custom code changes for each encryption implementation and causes severe performance penalties for some encryption schemes.

It is also possible to run all encryption code only on Icestorm cores, since DMP will not be activated on these cores. However, this solution significantly reduces performance and runs the risk that DMP may be silently enabled on these cores in the future as well.

Download: TechRepublic Premium’s Quick Glossary of Cybersecurity Countermeasures

Therefore, hardware support appears to be the long-term solution, as the researchers write:

“In the long term, we believe the right solution is to expand hardware-software contracts to take DMP into account. At the very least, hardware should expose to software a way to selectively disable DMP when running safety-critical applications. There is already an emerging industry for this Precedent. For example, Intel’s DOIT extension specifically mentions disabling its DMP via the ISA extension. In the long term, more fine-grained control would ideally be required, e.g., limiting DMP to only specific buffers or designated non-sensitive memory areas Prefetching.”

The best protection at the moment remains to disable any remote code execution on the vulnerable computer so that attackers cannot exploit GoFetch as they would any other type of malicious code. Therefore, it is highly recommended to always keep your hardware, systems, and software up to date and patched to avoid being compromised by any malware or attackers that may execute GoFetch vulnerabilities.

Additionally, users should not be allowed to install any software from untrusted third parties; they should also be wary of phishing emails that may contain malicious code or links to malicious code.

Disclosure: I work for Trend Micro, but the opinions expressed in this article are mine.

#GoFetch #vulnerability #Apple #chips #leads #key #leaks #infected #computers

Leave a Reply

Your email address will not be published. Required fields are marked *