According to a report, Apple's chip vulnerability is unpatchable, serving as an entry point for the theft of private keys and cryptocurrencies.
A report from the security firm Ars Technica has uncovered a vulnerability in Apple's M-series chips, which are used in numerous MacBook devices. The flaw is deemed unpatchable or irreparable, allowing potential attackers to access cryptographic data on affected devices.
A team of eight researchers from various US universities has determined that the Apple chip flaw enables malicious attackers to execute a side-channel exploit when running common cryptographic protocols. This opens up the possibility for attackers to obtain end-to-end encryption keys. The vulnerability can be exploited when the cryptographic operation of a potential victim and the malicious application, utilizing common user system privileges, are run on the same CPU cluster (or as a coordinated group of computers), all without the victim's knowledge.
Due to the vulnerability residing in the chip microarchitecture (i.e., at the silicon level), researchers believe that security patches cannot be designed to address the issue.
According to the researchers, the flaw can only be mitigated through the use of third-party software, which could significantly impact the performance of MacBooks when using cryptographic programs. Among the findings of the report, it is highlighted that the most vulnerable chips are the M1 and M2, components from previous generations.
Specifically, potential hackers could intercept and exploit memory access patterns of the computer to extract confidential information, such as encryption keys used by cryptographic applications. "In other words, the vulnerability exploits the advancement of new research by exposing a behavior of Apple's DMP [dependent memory prefetchers] in silicon that was previously overlooked: it sometimes confuses the content of memory, like encryption keys, with the pointer value used to load other data," explain the researchers. This is the first time researchers have found flaws in Apple's DMP.
As a result, the DMP often reads the data and attempts to treat it as an address for memory access. This "dereferencing" of "pointers" - that is, reading data and leaking it through a side channel - is a blatant violation of the constant-time paradigm.
- Ars Technica, a security firm.
The researchers proceed with the explanation.
The prefetchers typically look at the addresses of the data being accessed (ignoring the values of the data being accessed) and try to guess future addresses that might be useful. The DMP is different in this regard, as it not only uses addresses but also utilizes the values of the data to make predictions (predicting where to go and fetch data beforehand). In particular, if a data value "looks" like a pointer, it will be treated as an "address" (where it actually isn't!) and the data from this "address" will be fetched into the cache. The arrival of this address into the cache is observable and leaks through cache side channels.
- Ars Technica, a security firm.
By the way, the research team points out the following: "Our attack exploits this fact. We cannot directly leak encryption keys, but what we can do is manipulate intermediate data within the encryption algorithm to look like a pointer through a chosen input attack." As the researchers assure, the DMP sees the data value "looks" like an address and fetches data from this "address" into the cache, leaking the "address." "The fact that intermediate data looks like an address is visible through a cache channel and is sufficient to reveal the secret key over time," they ensure.
The type of attack that can be carried out through this vulnerability has been dubbed Go Fetch. The hack works in the user environment effortlessly and only requires standard user privileges, similar to those needed by normal applications.
The GoFetch application takes less than an hour to extract a 2048-bit RSA key and a little over two hours to extract a 2048-bit Diffie-Hellman key. The attack takes 54 minutes to extract the material needed to assemble a Kyber-512 key and around 10 hours for a Dilithium-2 key, not counting the offline time needed to process the raw data.
-Ars Technica, a security firm.
The researchers offered some advice on how to defend against this type of attacks. One of these techniques is blinding encrypted text, which is a good example. "Blinding works by adding or removing masks to sensitive values before or after they are stored or loaded from memory," they point out. This introduces randomness into encryption algorithms, preventing the Go Fetch attack from succeeding. However, this defense is specific to each algorithm and can be costly.
Another way to protect affected devices is by running cryptographic processes on the aforementioned efficiency cores, also known as Icestorm cores, which do not have DMP. One way to achieve this is by running all cryptographic code on these cores. However, this defense is not ideal, as additional cryptographic processes will likely increase the time required to complete computer operations. Although the researchers mention several defenses, they all have their own difficulties.
"In the long term, we consider the correct solution to be expanding the hardware and software contract to account for the DMP," the researchers wrote. "At a minimum, the hardware should provide software with a way to selectively disable the DMP when critical security applications are running," they recommend.