M-series Macs can leak secrets due to inherent vulnerability

A feature that makes Apple M-series processors faster also leaves them vulnerable to a new side-channel attack that cannot be patched, according to research. Hackers, in theory, could extract secret encryption keys and then access sensitive data.

The newly discovered proof-of-concept attack is called GoFetch.

GoFetch is based on a CPU feature called data memory-dependent prefetcher (DMP), which is present in the latest Apple M-series processors. DMP speeds up the processor by predicting what data will be required next and preparing it in advance.

In a paper, a team of seven researchers described how this feature can leak sensitive information. After reverse engineering Apple and Intel DMPs, they developed end-to-end key-extraction attacks on constant-time implementations of classical cryptography.

“DMPs pose a significant security threat to modern software, breaking a wide variety of state-of-the-art cryptographic implementations. At a high level, if the attacker has the ability to secret-dependently write a pointer to memory, the DMP enables it to learn partial or complete information about that secret,” the paper reads.

Basically, an attacker could trick the processor into loading secret keys into a cache and steal them from there. For that, they wouldn’t need administrator privileges. That makes the attack particularly dangerous, as any malicious application on the system could run it.

“For our cryptographic attacks, we assume the attacker runs unprivileged code and is able to interact with the victim via nominal software interfaces, triggering it to perform private key operations,” the researchers write.

Researchers demonstrated attacks on four different cryptographic implementations, which also include post-quantum cryptography. However, more programs are likely at risk.

It can take the malicious application somewhere from one to ten hours to run in parallel with targeted software, i.e., a crypto wallet, to extract and reconstruct the secret key, as demonstrated by researchers.

While researchers tortured the Apple M1 chip, they noted that “DMPs also exist on the Apple M2/M3 and Intel 13th Generation CPUs, the problem seemingly transcends specific processors and hardware vendors and thus requires dedicated hardware countermeasures.”

For users, researchers recommend using the latest versions of software and performing updates regularly.

Developers of cryptographic libraries can disable the DMP on some CPUs, and they can also use the “input blinding” technique. However, it’s impossible to patch leaky hardware.

“A drastic solution would be to completely disable the DMP,” researchers say.

However, that would incur heavy performance penalties “and is likely not possible on M1 and M2 CPUs.”

The findings were disclosed to vendors prior to the public release of the paper. Apple has not yet publicly addressed the issue.

Researchers also plan on releasing the proof-of-concept code “soon.”

Their work was partially supported by the Air Force Office of Scientific Research (AFOSR), the Defense Advanced Research Projects Agency (DARPA), the National Science Foundation, the Alfred P. Sloan Research Fellowship, and gifts from Intel, Qualcomm, and Cisco.