Mon, April 15, 2024

GoFetch Discovers Vulnerability in Apple M-Series Chips

MacBook Pro New Features and Impressions. GoFetch

Quick Look:

  • Apple’s M-series chips have a GoFetch vulnerability, found by researchers, risking millions of devices and raising global cybersecurity concerns.
  • GoFetch exploits chips’ data-dependent prefetcher, letting attackers extract sensitive data through side-channel attacks, a complex issue.
  • Institutions’ collaboration exposes GoFetch’s complexity, comparing it with Augury, showing the evolving microarchitectural exploits’ seriousness.
  • Apple responds with actions like Data-Independent Timing on M3 chips, engaging academia, and strengthening software security practices.

In December 2023, Apple found itself at the centre of attention for cybersecurity communities worldwide right after the notification of the GoFetch vulnerability within its M-series chips. The discovery, made by a consortium of researchers from prestigious institutions, exposed a critical security flaw that could potentially compromise millions of devices.

GoFetch represents a microarchitectural side-channel attack, exploiting the data memory-dependent prefetcher (DMP) within Apple’s M-series chips. Its methodology allows attackers to infer and extract sensitive data from the CPU cache by analyzing memory access patterns and cache latency. Moreover, unique in its approach, GoFetch targets constant-time cryptographic implementations. Additionally, bypassing traditional defences against timing side-channel attacks. This requires the attacker’s and victim’s processes to be co-located on the same CPU cluster, exploiting a malicious app to facilitate data extraction.

Academia Maps GoFetch’s Sophistication & Scope

The unravelling of GoFetch owes its credit to the collaborative effort of researchers from various institutions. The University of Illinois Urbana-Champaign, the University of Texas, the Georgia Institute of Technology, the University of California, Berkeley, the University of Washington, and Carnegie Mellon University contributed to the research. This collective endeavour shed light on the vulnerability. Besides, it also placed GoFetch in a comparative context with Augury, a previous attack. Therefore highlighting the evolving sophistication of microarchitectural exploits.

In response, Apple has proactively engaged with the academic community, seeking to mitigate the vulnerability’s impact. Specifically, introducing Data-Independent Timing (DIT) on M3 chips represents a pivotal step towards disabling DMP. This crucial feature turned out to be absent in M1 and M2 processors. Furthermore, Apple’s guidance to developers emphasizes the importance of avoiding conditional branches and memory locations based on secret data. This underscores the company’s commitment to reinforcing security practices in software development.

GoFetch & GPU Attack: Broader Hardware Security Woes

The discovery of GoFetch coincides with another revelation by researchers at Graz University of Technology and the University of Rennes, who demonstrated a GPU cache side-channel attack. This parallel discovery accentuates hardware security’s broader challenges, illuminating the relentless pursuit of vulnerabilities within modern computing architectures. The implications of GoFetch extend beyond a singular vulnerability, signifying a watershed moment in safeguarding hardware against attacks.

YOU MAY ALSO LIKE

Market Trends

Quick Look: Cronos Group stock fell by 2.53%, closing at $3.47. Trading

The Central Bank of Russia and crypto, nickel

Quick Look: Nickel smelting causes local communities severe health problems and environmental

Tractable raises $60M to grow in accident - robot recovery

Quick Look: The Robot Market in China is projected to grow from

COMMENTS

Leave a Comment

Your email address will not be published. Required fields are marked *

User Review
  • Support
    Sending
  • Platform
    Sending
  • Spreads
    Sending
  • Trading Instument
    Sending

BROKER NEWS

Axi Renews CFD Sponsorship Deal with Football

The Australian Federal Court has ordered Prospero Markets, a trading broker for forex and CFDs, to shut down and has appointed a liquidator to refund client money. This move follows a demand from

BROKER NEWS

Broker News

Axi Renews CFD Sponsorship Deal with Football

The Australian Federal Court has ordered Prospero Markets, a trading broker for forex and CFDs, to shut down and has appointed a liquidator to refund client money. This move follows a demand from the