A critical new vulnerability has been discovered in Apple’s M1, M2 and M3 chips, which increases the risk of attackers stealing encryption keys on Macs and iPads. The vulnerability is exploited against cryptographic operations running on the chip, and could be used to compromise sensitive data such as passwords, emails and other private information.
The vulnerability stems from the microarchitectural design of the silicon, so it can’t be patched directly. Instead, it requires mitigation to be built into third-party encryption software. But that can degrade performance, especially in the case of M1 and M2 chips.
What’s causing the vulnerability?
The Apple M-Chips come equipped with data memory-dependent prefetchers (DMPs). A DMP is a piece of hardware that predicts and pre-loads memory addresses, and it’s meant to speed up load times. However, the specific DMPs built into M-chips can sometimes confuse content—such as encryption keys—with pointers (addresses) used to load data.
This confusion of content as memory addresses magnifies the risk of side-channel attacks, which threat actors can use to rebuild cryptographic content.
Prefetching problems
Prefetchers are notorious for opening side channels, which can invite malicious processes to obtain key information.
To prevent this, developers can implement constant-time code techniques to ensure that crypto operations take the same amount of time to execute, no matter the input. This, in turn, inhibits threat actors from rebuilding keys based on timing factors or other secret-dependent processes that may leak data. (For more detailed information on how side-channel attacks work, head over here).
However, Apple M-chips behave differently, and they violate the constant-time technique, actively reading and attempting to treat data values as memory addresses. The two aren’t supposed to mix, and that’s where the problem lies.
That is so not fetch: How quickly can key material be derived from the DMP vulnerability?
A group of seven researchers from various U.S. universities, partially funded by grants from the Air Force and DARPA, published a paper on March 21 revealing the M-chip mix-up. They designed a malicious program, called “GoFetch,” which doesn’t require root access, to target crypto operations. The application causes the victimized DMP to mistake key material for memory addresses, and as a result the key material leaks through a side channel.
While the DMP doesn’t leak an entire key on the first go, a threat actor can rebuild it through repetitious operations. The reps themselves don’t take long, either. But that’s not the most troubling part.
These attacks can break even the most secure cryptography in relatively little time.
Time for GoFetch to rebuild a key:
- 2048-bit RSA: Less than an hour
- 2048-bit Diffie-Hellman: A little over 2 hours
- Kyber-512: 54 minutes
- Dilithium-2: 10 hours
The last two listed are particularly concerning, since CRYSTALS-Kyber and CRYSTALS-Dilithium are meant to be quantum-resistant algorithms, which are said to be so secure they can’t be cracked with a cryptographically relevant quantum computer.
Proposed mitigations and challenges
Since this is a hardware vulnerability—baked right into the silicon—it can’t be patched by a software update. Instead, the researchers have recommended that developers of cryptographic software for Apple’s chips add cryptographic mitigations, such as the three listed below. Each one comes with its own potential drawbacks.
- Ciphertext blinding: Masking values when transferring data to/from memory, randomizing the internal state of the cryptographic algorithm so the DMP never sees a secret-dependent value it could treat as a pointer.
  - Drawback: Costly, and may double the compute needed in some cases.
- Crypto operations on DMP-free cores: By running cryptographic code only on chip cores that don’t include a DMP, developers could reinforce their defenses.
  - Drawback: Could impact performance and increase processing times.
- Disable DMPs: By disabling the DMP, developers could neutralize the chip flaw.
  - Drawback: The feature is only built into M3 chips, and may impact performance.
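To make the first mitigation concrete, here is an added example (not code from the article or from the GoFetch researchers) of the classical blinding technique for RSA decryption, which is one way to realize “ciphertext blinding”: the ciphertext is multiplied by a fresh random mask before the secret-key exponentiation, so every secret-dependent intermediate value in memory is randomized and unrelated to what an attacker chose, and the mask is removed afterwards. The key below is a constructed toy key built from two known primes, far smaller than a real 2048-bit key.

```python
import math
import secrets


def generate_toy_key():
    """Constructed toy RSA key for illustration only (not a safe key size)."""
    p, q = 1_000_000_007, 998_244_353          # two well-known primes
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    d = pow(e, -1, phi)                         # private exponent
    return n, e, d


def rsa_decrypt_plain(c: int, d: int, n: int) -> int:
    """Unblinded decryption: the attacker-chosen c flows straight into the
    secret-dependent exponentiation, so intermediates are attacker-controlled."""
    return pow(c, d, n)


def rsa_decrypt_blinded(c: int, d: int, e: int, n: int) -> int:
    """Blinded decryption: randomize the input to the secret computation.

    (c * r^e)^d = m * r  (mod n), so multiplying by r^-1 recovers m.
    A fresh r is drawn on every call; reusing r would defeat the purpose.
    """
    while True:
        r = secrets.randbelow(n - 2) + 2        # random mask in [2, n-1]
        if math.gcd(r, n) == 1:                 # r must be invertible mod n
            break
    r_inv = pow(r, -1, n)
    c_blinded = (c * pow(r, e, n)) % n          # mask the ciphertext before use
    m_blinded = pow(c_blinded, d, n)            # secret-dependent work on masked data
    return (m_blinded * r_inv) % n              # unmask the result


if __name__ == "__main__":
    n, e, d = generate_toy_key()
    m = 123456789
    c = pow(m, e, n)
    assert rsa_decrypt_plain(c, d, n) == m
    assert rsa_decrypt_blinded(c, d, e, n) == m
    print("blinded and plain decryption agree:", m)
```

The same principle applies to other schemes: whatever the attacker can choose as input must be masked with fresh randomness before it reaches code that touches the secret key.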
This unpatched hardware vulnerability in Apple’s flagship M-chips presents a severe risk to encrypted communications, data and systems. And according to the research, it may impact more encryption types than the four listed above. Some mitigations are possible, but they’re limited—and they may come at a cost, both in computational resources and diminished performance. Regardless, if your organization is using Apple devices with M1, M2 or M3 chips (which includes Mac and iPad devices), keep an eye out for any cryptographic mitigation updates from the technology company.