Encryption – INDIA NEWS (http://www.indiavpn.org), News Blog feed, Mon, 25 Mar 2024 09:56:48 +0000

New “GoFetch” Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys
http://www.indiavpn.org/2024/03/25/new-gofetch-vulnerability-in-apple-m-series-chips-leaks-secret-encryption-keys/
Mon, 25 Mar 2024 09:56:48 +0000


A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations.

Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent prefetcher (DMP) to target constant-time cryptographic implementations and capture sensitive data from the CPU cache. Apple was made aware of the findings in December 2023.

Prefetchers are a hardware optimization technique that predicts which memory addresses a currently running program will access in the near future and retrieves the corresponding data from main memory into the cache ahead of time. The goal of this approach is to reduce the program’s memory access latency.

DMP is a type of prefetcher that takes into account the contents of memory based on previously observed access patterns when determining what to prefetch. This behavior makes it ripe for cache-based attacks that trick the prefetcher into revealing the contents associated with a victim process that should be otherwise inaccessible.

GoFetch also builds on the foundations of another microarchitectural attack called Augury that employs DMP to leak data speculatively.

“DMP activates (and attempts to dereference) data loaded from memory that ‘looks like’ a pointer,” a team of seven academics from the University of Illinois Urbana-Champaign, University of Texas, Georgia Institute of Technology, University of California, Berkeley, University of Washington, and Carnegie Mellon University said.


“This explicitly violates a requirement of the constant-time programming paradigm, which forbids mixing data and memory access patterns.”

Like other attacks of this kind, the setup requires that the victim and the attacker run as two different processes co-located on the same machine and on the same CPU cluster. Specifically, the threat actor could lure a target into downloading a malicious app that exploits GoFetch.

What’s more, while the attacker and the victim do not share memory, the attacker can monitor any microarchitectural side channels available to it, e.g., cache latency.

GoFetch, in a nutshell, demonstrates that “even if a victim correctly separates data from addresses by following the constant-time paradigm, the DMP will generate secret-dependent memory access on the victim’s behalf,” rendering it susceptible to key-extraction attacks.

In other words, an attacker could weaponize the prefetcher to influence the data being prefetched, thus opening the door to accessing sensitive data. The vulnerability has serious implications in that it completely nullifies the security protections offered by constant-time programming against timing side-channel attacks.

“GoFetch shows that the DMP is significantly more aggressive than previously thought and thus poses a much greater security risk,” the researchers noted.

The fundamental nature of the flaw means that it cannot be fixed in existing Apple CPUs, requiring that developers of cryptographic libraries take steps to prevent conditions that allow GoFetch to succeed, something that could also introduce a performance hit. Users, on the other hand, are urged to keep their systems up-to-date.

On Apple M3 chips, however, enabling data-independent timing (DIT) has been found to disable DMP. This is not possible on M1 and M2 processors.

“Apple silicon provides data-independent timing (DIT), in which the processor completes certain instructions in a constant amount of time,” Apple notes in its documentation. “With DIT enabled, the processor uses the longer, worst-case amount of time to complete the instruction, regardless of the input data.”

The iPhone maker also emphasized that although turning on DIT prevents timing-based leakage, developers are advised to “avoid conditional branches and memory access locations based on the value of the secret data” in order to effectively block an adversary from inferring secrets by observing the processor’s microarchitectural state.


The development comes as another group of researchers from the Graz University of Technology in Austria and the University of Rennes in France demonstrated a new graphics processing unit (GPU) attack affecting popular browsers and graphics cards that leverages specially crafted JavaScript code in a website to infer sensitive information such as passwords.

The technique, which requires no user interaction, has been described as the first GPU cache side-channel attack from within the browser.

“Since GPU computing can also offer advantages for computations within websites, browser vendors decided to expose the GPU to JavaScript through APIs like WebGL and the upcoming WebGPU standard,” the researchers said.

“Despite the inherent restrictions of the JavaScript and WebGPU environment, we construct new attack primitives enabling cache side-channel attacks with an effectiveness comparable to traditional CPU-based attacks.”

A threat actor could weaponize it by means of a drive-by attack, allowing for the extraction of AES keys or mining cryptocurrencies as users browse the internet. It impacts all operating systems and browsers implementing the WebGPU standard, as well as a broad range of GPU devices.

As countermeasures, the researchers propose treating access to the host system’s graphics card via the browser as a sensitive resource, requiring websites to seek the user’s permission (as is done for the camera or microphone) before use.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Apple Unveils PQ3 Protocol – Post-Quantum Encryption for iMessage
http://www.indiavpn.org/2024/02/22/apple-unveils-pq3-protocol-post-quantum-encryption-for-imessage/
Thu, 22 Feb 2024 19:16:18 +0000

Feb 22, 2024 | Newsroom | Quantum Computing / Encryption


Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the threat of a practical quantum computer.

“With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps,” Apple said.

The iPhone maker described the protocol as “groundbreaking,” “state-of-the-art,” and as having the “strongest security properties” of any cryptographic protocol deployed at scale.

PQ3 is the latest security guardrail erected by Apple in iMessage, following its switch from RSA to elliptic curve cryptography (ECC) and its move in 2019 to protect encryption keys on devices with the Secure Enclave.


The algorithms that currently underpin public-key (asymmetric) cryptography rest on mathematical problems that are easy to compute in one direction but hard to reverse. A future breakthrough in quantum computing could make those classical problems, today deemed computationally intractable, trivially solvable, effectively threatening end-to-end encrypted (E2EE) communications.

The risk is compounded by the fact that threat actors could conduct what is known as a harvest now, decrypt later (HNDL) attack, wherein encrypted messages are stolen today in hopes of decoding them at a later point in time by means of a quantum computer once it becomes a reality.

In July 2022, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) chose Kyber as the post-quantum cryptographic algorithm for general encryption. Over the last year, Amazon Web Services (AWS), Cloudflare, Google and Signal have announced support for quantum-resistant encryption in their products.


Apple is the latest to join the post-quantum cryptography (PQC) bandwagon with PQ3, which combines Kyber and ECC and aims to achieve Level 3 security. In contrast, Signal, which introduced its own PQXDH protocol, offers Level 2 security, which establishes a PQC key for encryption.

Level 3, in Apple’s terminology, refers to an approach where PQC is “used to secure both the initial key establishment and the ongoing message exchange, with the ability to rapidly and automatically restore the cryptographic security of a conversation even if a given key becomes compromised.”

The protocol, per Apple, is also designed to mitigate the impact of key compromises by limiting how many past and future messages can be decrypted with a single compromised key. Specifically, its key rotation scheme guarantees that the keys are rotated every 50 messages at most and at least once every seven days.


Support for PQ3 is expected to start rolling out with the general availability of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 next month.

Cupertino’s iMessage security upgrade follows the tech giant’s surprise decision to bring Rich Communication Services (RCS) to its Messages app later this year, marking a much-needed shift from the non-secure SMS standard.

Apple also said it will work towards improving the security and encryption of RCS messages. It’s worth noting that while RCS does not implement E2EE by default, Google’s Messages app for Android uses the Signal Protocol to secure RCS conversations.

While the adoption of advanced protections is always a welcome step, it remains to be seen if this is expanded beyond iMessage to include RCS messages.
