A vulnerability in Apple M-series chips could expose encryption keys and harm performance — and the flaw is ‘unpatchable’
A vulnerability in Apple M-series chips could seriously impact performance and leak encryption keys - and researchers say it can’t be patched


Researchers have uncovered a vulnerability etched into the design of Apple M-series chips that could allow attackers to extract secret encryption keys while the chips perform cryptographic operations.
Six academic researchers at institutions across the US authored a paper outlining a vulnerability they dubbed ‘GoFetch’, which leaks cryptographic data from the CPU cache that hackers can use to piece together a cryptographic key.
“GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs),” stated a blog post published by the authors.
GoFetch relies on exploiting a relatively new microarchitectural design feature, found only on Apple M-series chips and Intel’s Raptor Lake microarchitecture, that is intended to reduce memory-access latency – a common CPU bottleneck.
DMPs proactively load data into the CPU cache before it is directly required, helping to reduce latency between the main memory and CPU.
This technology is vulnerable to cache side-channel attacks which “observe the side effects of the victim program’s secret-dependent accesses to the processor cache”, according to the paper.
During the prefetching process, the DMP must make a series of predictions on what data will be required, based on previous access patterns, and attackers can exploit this side channel to steal information.
A popular defense against this threat is constant-time programming, which standardizes the execution time of operations regardless of the input by ensuring the code performs no secret-dependent memory accesses.
The new paper from Chen et al. demonstrates how DMPs often compromise the security of constant-time programming by mixing up memory content with pointer values that are used to direct the DMP to load other data.
“We show that even if a victim correctly separates data from addresses by following the constant-time paradigm, the DMP will generate secret-dependent memory access on the victim's behalf, resulting in variable-time code susceptible to our key-extraction attacks,” Chen et al. explained.
An application mounting the GoFetch attack can manipulate data so that it looks like a pointer value. The DMP treats that value as an address and brings the data at that location into the cache, where it is visible and leaks over cache side channels.
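The constant-time paradigm described above, as an added example (not code from the paper or from this article): the same table lookup written once with a secret-dependent address and once with a fixed access pattern, recording the slots each version touches so the two can be compared. The table, function names and trace structure are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_LEN 8  /* power of two, so the index can be reduced with a mask */

/* Constructed sample table; the values are arbitrary. */
static const uint32_t table[TABLE_LEN] = {11, 22, 33, 44, 55, 66, 77, 88};

/* Slots touched by one lookup: a stand-in for the access pattern that a
 * cache side channel exposes to an observer. */
typedef struct { size_t idx[TABLE_LEN]; size_t n; } trace_t;

static uint32_t load(size_t i, trace_t *t) {
    if (t->n < TABLE_LEN) t->idx[t->n++] = i;
    return table[i];
}

/* Leaky: the address that is read depends on the secret index. */
uint32_t lookup_leaky(size_t secret, trace_t *t) {
    t->n = 0;
    return load(secret & (TABLE_LEN - 1), t);
}

/* Constant-time: read every slot in a fixed order and keep the wanted one
 * with a branch-free mask, so no address depends on the secret. */
uint32_t lookup_ct(size_t secret, trace_t *t) {
    uint32_t result = 0;
    t->n = 0;
    for (size_t i = 0; i < TABLE_LEN; i++) {
        uint32_t diff = (uint32_t)(i ^ (secret & (TABLE_LEN - 1)));
        uint32_t mask = (uint32_t)(((uint64_t)diff - 1) >> 32); /* ~0 iff diff == 0 */
        result |= load(i, t) & mask;
    }
    return result;
}

/* 1 if two traces touched the same slots in the same order. */
int same_trace(const trace_t *a, const trace_t *b) {
    return a->n == b->n && memcmp(a->idx, b->idx, a->n * sizeof a->idx[0]) == 0;
}

int main(void) {
    trace_t a, b;
    lookup_leaky(2, &a); lookup_leaky(5, &b);
    printf("leaky traces equal:         %d\n", same_trace(&a, &b));
    lookup_ct(2, &a); lookup_ct(5, &b);
    printf("constant-time traces equal: %d\n", same_trace(&a, &b));
    return 0;
}
```

The recorded trace covers only the loads the program itself issues. The GoFetch finding is that a DMP can issue further loads based on the data values, which this model does not capture.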
The vulnerability can be exploited when the cryptographic operation being targeted is running on the same CPU cluster as the malicious application.
The authors stated they will release proof-of-concept code demonstrating GoFetch’s attack path soon.
Flaw in Apple M-series chips is ‘unpatchable’
This vulnerability cannot be patched directly as it stems from the microarchitectural design of the silicon itself, the paper stated.
Notably, Intel’s Raptor Lake CPU architecture doesn’t share this vulnerability with its M-series counterparts, despite sharing the same prefetcher as Apple’s chips.
This shows that the vulnerability can be addressed by altering the silicon, but this will only be available for future Apple M-series architectures, where the CPU architecture will need to be redesigned.
As a result, current M-series chips exposed to the vulnerability cannot be patched in the silicon, and businesses using these devices can only try to mitigate the potential damage a successful exploit could incur using third-party software.
But integrating extra layers of protection into third-party cryptographic software will take a significant toll on encryption and decryption performance, leaving developers with a difficult choice between efficiency and security.
At the time of writing, Apple has not published any release dates for an official fix.

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.