GoFetch – Security vulnerability in Apple Silicon (M-Chip) that cannot be closed

A scientific study of Apple Silicon - specifically the M1, M2 and M3 versions - has revealed that it suffers from a security flaw that cannot be easily closed. The ability to read security keys or encrypted data, called “GoFetch”, results from the hardware structure of the chips. Since certain data is loaded into a pre-storage memory, the so-called cache, for better performance and is already assigned to the CPU clusters predicted for future use, hacking software running in the same cluster can access certain data; also on security keys. And this despite the fact that she does not have admin rights, but rather simple user rights.

Due to the GoFetch vulnerability in Apple Silicon, security keys from the performance cores of the M chip can be cracked. Passwords and encrypted data are then no longer secure.
Due to the GoFetch vulnerability in Apple Silicon, security keys from the performance cores of the M chip can be cracked. Passwords and encrypted data are then no longer secure.

The Apple Silicon GoFetch vulnerability

GoFetch is based on the fact that so-called data memory-dependent prefetchers (DMP) are used for the performance cores of the CPU units of the M-chip. This type of hardware acceleration for software processes determines their memory addresses before using certain data loaded into the CPU's cache. This subsequently reduces the access time to this data, which speeds up the overall use of the Mac. However, malware designed for this approach can intervene right there and read out certain data.

It says how to exploit the vulnerability on the dedicated website (loosely translated): “To exploit the DMP, we compose selected inputs for cryptographic operations such that pointer-like values ​​only appear when we have correctly guessed some bits of the secret key […] Using this approach, we demonstrate end-to-end key extraction attacks on popular ones Constant-time implementations of classical (OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption) and post-quantum cryptography (CRYSTALS-Kyber and CRYSTALS-Dilithium)."

Cryptography on efficiency cores as a (slow) workaround

The performance cores of the CPU unit on the M-chip are designed to execute processes as quickly as possible. That's why DMPs are used. Of course, the ability to perform calculations quickly makes these cores ideal for encryption and decryption. As described, the DMPs ensure that the keys used or the data kept secret with them can be read. The possible approach to prevent GoFetch attacks is to carry out encryption and decryption away from the performance cores.

However, outsourcing to the efficiency cores, which are not designed for speed but for energy-saving use, can make the processes take noticeably longer. In addition, redirection to the other cores (as far as I understand it) cannot simply be forced system-wide through a macOS update. The procedure must be implemented manually into the software by the developers of the respective apps or system tools. A workaround to reduce the GoFetch attack possibilities is therefore available. However, it is time-consuming and can slow down work on the Mac.

>>>Explained: High-efficiency cores vs. high-performance cores in Apple Silicon<<

Introduction to the topic and scientific paper

If you are interested in the topic and don't just want my amateur, second-hand rendition, then I can recommend the websites that explain the topic with first-hand data. The first website is https://gofetch.fail/. There you will find a short description of the problem, a list of the contributors and the universities at which they work. And last but not least, an FAQ with all important questions and answers on the topic. This includes, among other things, the note that Apple was informed about the research results on December 5, 2023.

The paper on the topic is more scientific, which you can download as a PDF file (https://gofetch.fail/files/gofetch.pdf). The 21 pages contain all the detailed information on the topic, from a detailed introduction to the background of the research field to the experimental setup and the results achieved. I can't say that I understand much of it, especially not the formulas and other mathematical descriptions that sometimes fill entire paragraphs. Anyone who understands this will certainly gain a lot of insight from the PDF.

Jens' video about GoFetch

My tips & tricks about technology & Apple

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership would support.

2 comments on “GoFetch – Security vulnerability in Apple Silicon (M-Chip) that cannot be closed”

  1. Unfortunately you forgot this part:

    Can the DMP be disabled?
    Yes, but only on some processors. We observe that the DIT bit set on m3 CPUs effectively disables the DMP. This is not the case for the m1 and m2. Also, Intel's counterpart, DOIT bit, can be used to disable DMP on the Raptor Lake processors.

    1. Thanks for the addition. Since I don't understand the use or manipulation of DIT and the corresponding bit, I probably deliberately left it out.

Post a comment

Your e-mail address will not be published. Required fields are marked with * marked

In the Sir Apfelot Blog you will find advice, instructions and reviews on Apple products such as the iPhone, iPad, Apple Watch, AirPods, iMac, Mac Pro, Mac Mini and Mac Studio.

Shopping
  •  
  •