The vulnerability, dubbed GoFetch, is related to a microarchitectural side-channel attack that targets constant-time cryptographic implementations and retrieves sensitive data from the CPU cache by utilizing a feature called data memory-dependent prefetcher (DMP). The results were communicated to Apple in December 2023.
Prefetchers are a hardware optimization technology that pulls data from main memory into the cache in accordance with the memory addresses that an application executing at the moment is likely to access in the near future. This strategy aims to lower the program’s latency for memory access.
You may be interested: Fortinet Identifies Severe SQL Injection Vulnerability in FortiClientEMS Software
When choosing what to prefetch, DMP prefetchers consider the contents of memory based on previously observed access patterns. Because of this behavior, it is vulnerable to cache-based attacks that fool the prefetcher into exposing data related to a victim process that ought to remain unreadable.
Additionally, GoFetch expands upon the principles of Augury, another microarchitectural attack that uses DMP to leak data arbitrarily.
“DMP activates (and attempts to dereference) data loaded from memory that ‘looks like’ a pointer,” according to a group of seven scholars from Carnegie Mellon University, University of Texas, University of Illinois Urbana-Champaign, University of California, Berkeley, and University of Washington.
“This explicitly violates a requirement of the constant-time programming paradigm, which forbids mixing data and memory access patterns.”
The configuration necessitates that the victim and the attacker run two separate processes on the same machine and in the same CPU cluster, similar to earlier assaults of this type. To be more precise, the threat actor might entice a victim to download a malicious program that takes use of GoFetch.
Furthermore, despite not sharing memory with the victim, the attacker can keep an eye on any microarchitectural side channels that are open to it, such as cache delay.
To put it succinctly, GoFetch illustrates that “even if a victim correctly separates data from addresses by following the constant-time paradigm, the DMP will generate secret-dependent memory access on the victim’s behalf,” making it vulnerable to assaults involving key extraction.
Put otherwise, an attacker might use the prefetcher as a weapon to manipulate the data that is being prefetched, making it possible to access private information. Because it totally eliminates the security safeguards provided by constant-time programming against timing side-channel attacks, the vulnerability has grave ramifications.
“GoFetch shows that the DMP is significantly more aggressive than previously thought and thus poses a much greater security risk,” the investigators stated.
Since the issue is fundamental, it cannot be corrected in CPUs made by Apple today. As a result, developers of cryptographic libraries must take precautions to stop GoFetch from succeeding, which may have an adverse effect on performance. On the other hand, users are advised to maintain their systems updated.
Disabling DMP on Apple M3 chips, however, has been discovered to occur when data-independent time (DIT) is enabled. The M1 and M2 CPUs cannot do this.
“Apple silicon provides data-independent timing (DIT), in which the processor completes certain instructions in a constant amount of time,” according to the company’s literature. “With DIT enabled, the processor uses the longer, worst-case amount of time to complete the instruction, regardless of the input data.”
The manufacturer of the iPhone further stressed that while activating DIT stops timing-based leakage, developers should follow the advice to “avoid conditional branches and memory access locations based on the value of the secret data” to successfully prevent an adversary from deducing secrets by monitoring the microarchitectural state of the processor.
The announcement coincides with the discovery of a novel graphics processing unit (GPU) attack by a different team of researchers from the Universities of Rennes in France and Graz in Austria. This attack targets popular browsers and graphics cards and uses carefully constructed JavaScript code on a website to infer private data, including passwords.
The method has been called the first GPU cache side-channel attack from within the browser and doesn’t involve user interaction.
“Since GPU computing can also offer advantages for computations within websites, browser vendors decided to expose the GPU to JavaScript through APIs like WebGL and the upcoming WebGPU standard,” according to the study.
“Despite the inherent restrictions of the JavaScript and WebGPU environment, we construct new attack primitives enabling cache side-channel attacks with an effectiveness comparable to traditional CPU-based attacks.”
Through the use of a drive-by attack, a threat actor might weaponize it and make it possible to mine bitcoins or extract AES keys while users browse the internet. It affects a wide variety of GPU hardware as well as all operating systems and browsers that implement the WebGPU standard.
The researchers suggest using the host system’s graphics card as a sensitive resource and forcing websites to get users’ consent before using it, similar to how they would with a camera or microphone, as a countermeasure.
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.