GoFetch Discovers Vulnerability in Apple M-Series Chips

Quick Look:

• Apple’s M-series chips have a GoFetch vulnerability, found by researchers, risking millions of devices and raising global cybersecurity concerns.
• GoFetch exploits chips’ data-dependent prefetcher, letting attackers extract sensitive data through side-channel attacks, a complex issue.
• Institutions’ collaboration exposes GoFetch’s complexity, comparing it with Augury, showing the evolving microarchitectural exploits’ seriousness.
• Apple responds with actions like Data-Independent Timing on M3 chips, engaging academia, and strengthening software security practices.

In December 2023, Apple found itself at the centre of attention for cybersecurity communities worldwide right after the notification of the GoFetch vulnerability within its M-series chips. The discovery, made by a consortium of researchers from prestigious institutions, exposed a critical security flaw that could potentially compromise millions of devices.

GoFetch represents a microarchitectural side-channel attack, exploiting the data memory-dependent prefetcher (DMP) within Apple’s M-series chips. Its methodology allows attackers to infer and extract sensitive data from the CPU cache by analyzing memory access patterns and cache latency. Moreover, unique in its approach, GoFetch targets constant-time cryptographic implementations. Additionally, bypassing traditional defences against timing side-channel attacks. This requires the attacker’s and victim’s processes to be co-located on the same CPU cluster, exploiting a malicious app to facilitate data extraction.

Academia Maps GoFetch’s Sophistication & Scope

The unravelling of GoFetch owes its credit to the collaborative effort of researchers from various institutions. The University of Illinois Urbana-Champaign, the University of Texas, the Georgia Institute of Technology, the University of California, Berkeley, the University of Washington, and Carnegie Mellon University contributed to the research. This collective endeavour shed light on the vulnerability. Besides, it also placed GoFetch in a comparative context with Augury, a previous attack. Therefore highlighting the evolving sophistication of microarchitectural exploits.

In response, Apple has proactively engaged with the academic community, seeking to mitigate the vulnerability’s impact. Specifically, introducing Data-Independent Timing (DIT) on M3 chips represents a pivotal step towards disabling DMP. This crucial feature turned out to be absent in M1 and M2 processors. Furthermore, Apple’s guidance to developers emphasizes the importance of avoiding conditional branches and memory locations based on secret data. This underscores the company’s commitment to reinforcing security practices in software development.

GoFetch & GPU Attack: Broader Hardware Security Woes

The discovery of GoFetch coincides with another revelation by researchers at Graz University of Technology and the University of Rennes, who demonstrated a GPU cache side-channel attack. This parallel discovery accentuates hardware security’s broader challenges, illuminating the relentless pursuit of vulnerabilities within modern computing architectures. The implications of GoFetch extend beyond a singular vulnerability, signifying a watershed moment in safeguarding hardware against attacks.