Sun, September 08, 2024

GoFetch Discovers Vulnerability in Apple M-Series Chips


Quick Look:

  • Researchers have found a vulnerability, GoFetch, in Apple’s M-series chips, putting millions of devices at risk and raising global cybersecurity concerns.
  • GoFetch exploits the chips’ data memory-dependent prefetcher (DMP), letting attackers extract sensitive data through a side-channel attack.
  • Collaboration among institutions exposed GoFetch’s complexity and compared it with Augury, showing how serious evolving microarchitectural exploits have become.
  • Apple has responded with measures such as Data-Independent Timing on M3 chips, engagement with academia, and stronger software security practices.

In December 2023, Apple found itself at the centre of attention for cybersecurity communities worldwide following the notification of the GoFetch vulnerability in its M-series chips. The discovery, made by a consortium of researchers from prestigious institutions, exposed a critical security flaw that could potentially compromise millions of devices.

GoFetch is a microarchitectural side-channel attack that exploits the data memory-dependent prefetcher (DMP) in Apple’s M-series chips. It allows attackers to infer and extract sensitive data from the CPU cache by analyzing memory access patterns and cache latency. What makes GoFetch unusual is that it targets constant-time cryptographic implementations, bypassing the traditional defences against timing side-channel attacks. The attack requires the attacker’s and victim’s processes to be co-located on the same CPU cluster, with a malicious app used to facilitate data extraction.

Academia Maps GoFetch’s Sophistication & Scope

The unravelling of GoFetch is credited to a collaborative effort by researchers from several institutions: the University of Illinois Urbana-Champaign, the University of Texas, the Georgia Institute of Technology, the University of California, Berkeley, the University of Washington, and Carnegie Mellon University. This collective endeavour shed light on the vulnerability and placed GoFetch in a comparative context with Augury, a previous attack, highlighting the evolving sophistication of microarchitectural exploits.

In response, Apple has proactively engaged with the academic community, seeking to mitigate the vulnerability’s impact. Specifically, the introduction of Data-Independent Timing (DIT) on M3 chips represents a pivotal step towards disabling the DMP. This feature is absent in M1 and M2 processors. Furthermore, Apple’s guidance to developers emphasizes avoiding conditional branches and memory access locations that depend on secret data. This underscores the company’s commitment to reinforcing security practices in software development.
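The developer guidance described above, as an added example that is not from the article or from Apple: a secret-indexed table lookup beside forms whose branches and load addresses do not depend on the secret. The table contents and all function names are constructed for illustration. Because GoFetch targets constant-time code of this kind, this discipline works alongside DIT on M3 rather than replacing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 16-entry table standing in for precomputed secret-indexed data. */
static const uint8_t TABLE[16] = {
    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
};

/* Leaky form: the address that is loaded depends on the secret index. */
uint8_t lookup_leaky(uint8_t secret_idx) {
    return TABLE[secret_idx & 0x0f];
}

/* 0xff if a == b, otherwise 0x00, computed without a branch. */
static uint8_t ct_eq_mask(uint8_t a, uint8_t b) {
    uint32_t x = (uint32_t)(a ^ b);           /* 0 only when a == b */
    return (uint8_t)(((x - 1u) >> 8) & 0xffu); /* borrow sets the mask */
}

/* Hardened form: read every entry in fixed order, keep the match by masking. */
uint8_t lookup_ct(uint8_t secret_idx) {
    uint8_t out = 0;
    secret_idx &= 0x0f;
    for (size_t i = 0; i < 16; i++)
        out |= TABLE[i] & ct_eq_mask((uint8_t)i, secret_idx);
    return out;
}

/* Branch-free select: returns a when bit is 1, b when bit is 0. */
uint32_t select_ct(uint32_t bit, uint32_t a, uint32_t b) {
    uint32_t mask = (uint32_t)0 - (bit & 1u);
    return (a & mask) | (b & ~mask);
}

/* Comparison with no early exit: runs over all n bytes, returns 1 if equal. */
int equal_ct(const uint8_t *x, const uint8_t *y, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= x[i] ^ y[i];
    return ct_eq_mask(diff, 0) & 1;
}

int main(void) {
    printf("leaky=%02x ct=%02x\n", lookup_leaky(5), lookup_ct(5));
    return 0;
}
```

Compilers can turn masking back into branches, so check the generated assembly for the build you ship.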

GoFetch & GPU Attack: Broader Hardware Security Woes

The discovery of GoFetch coincides with another revelation by researchers at Graz University of Technology and the University of Rennes, who demonstrated a GPU cache side-channel attack. This parallel discovery accentuates hardware security’s broader challenges, illuminating the relentless pursuit of vulnerabilities within modern computing architectures. The implications of GoFetch extend beyond a singular vulnerability, signifying a watershed moment in safeguarding hardware against attacks.
