Apple M-series chips found to leak secret encryption keys

Researchers have identified a vulnerability in Apple’s M-series chips that could be exploited to extract cryptographic keys. This side-channel attack, GoFetch, targets a hardware optimization feature called a data memory-dependent prefetcher (DMP).

The DMP is designed to improve performance by pre-fetching data the processor anticipates needing. But researchers found that it can be tricked into revealing the contents of memory locations containing secret keys. This occurs because the DMP can misinterpret certain data values as memory addresses, leading to information leakage.

In easier words, the chip part called a DMP, helps the processor guess what data it might need next. The problem is that attackers can trick the DMP into revealing secret codes stored in memory by confusing the DMP.

The GoFetch attack has the potential to compromise keys used for various encryption protocols, including those designed to be secure against quantum computers. All an attacker would need to run malicious software alongside the targeted application for a period of time (ranging from under an hour to 10 hours) to steal the key.

Due to the hardware nature of the vulnerability, a direct chip patch is not possible. This falls on software developers to add additional security measures to their applications. These steps, such as randomizing sensitive data, can add performance slowdowns to the system.

Users are advised to update software as soon as patches addressing the GoFetch vulnerability become available.

Researchers believe a collaborative effort between hardware and software designers is necessary to address the security risks associated with DMPs. Ideally, future chip designs would provide more granular control over DMP functionality to mitigate these vulnerabilities without sacrificing performance.

Apple has not yet put out a statement regarding the GoFetch research.

More here.