Apple Chip Vulnerability Exposes Secret Encryption Keys: No Direct Patch Available

A recently uncovered flaw in Apple’s M-series chips could allow attackers to extract secret keys from Macs during common cryptographic operations, according to a paper published on Thursday by academic researchers.

The Vulnerability

The vulnerability in question is a side channel that allows end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols. The flaw is particularly concerning because it cannot be patched directly: it stems from the microarchitectural design of the silicon itself, so it cannot be removed without redesigning and replacing the chips.

Mitigation Strategies

Given that the vulnerability cannot be patched directly, the only option is to mitigate its effects. This can be done by building defenses into third-party cryptographic software. However, this solution is not without its drawbacks. Implementing these defenses could drastically degrade the performance of M-series chips when executing cryptographic operations, particularly on the earlier M1 and M2 generations. This is a significant concern as it could potentially slow down the operation of any Macs using these chips.

Furthermore, the vulnerability can be exploited when the targeted cryptographic operation and a malicious application with normal user system privileges run on the same CPU cluster. This means that an attacker could potentially exploit this vulnerability simply by running a malicious application on the same machine.

The Threat of Hardware Optimizations

The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before they are actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel’s 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years.

Security Implications

Security experts have long known that classical prefetchers open a side channel that malicious processes can probe to obtain secret key material from cryptographic operations. This vulnerability is the result of the prefetchers making predictions based on previous access patterns, which can create changes in state that attackers can exploit to leak information. In response, cryptographic engineers have devised constant-time programming, an approach that ensures that all operations take the same amount of time to complete, regardless of their operands. It does this by keeping code free of secret-dependent memory accesses or structures.
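The constant-time discipline described above, sketched in C as an added example that is not from the researchers' paper or any cryptographic library; the table contents and function names are constructed for illustration. It contrasts a secret-indexed lookup with versions whose memory addresses and control flow do not depend on the secret.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample table standing in for an S-box or precomputed values. */
static const uint8_t TABLE[16] = {
    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
};

/* Leaky: the load address depends on the secret index, so the cache
 * line that gets touched reveals information about `secret`. */
uint8_t lookup_leaky(uint8_t secret)
{
    return TABLE[secret & 0x0f];
}

/* Constant-time: every entry is read in a fixed order and a mask keeps
 * only the wanted one, so addresses and branches are secret-independent. */
uint8_t lookup_ct(uint8_t secret)
{
    uint8_t result = 0;
    for (size_t i = 0; i < sizeof TABLE; i++) {
        uint32_t x = (uint32_t)i ^ (uint32_t)(secret & 0x0f);
        /* x is at most 15, so (x - 1) >> 31 is 1 only when x == 0. */
        uint8_t mask = (uint8_t)(0u - ((x - 1u) >> 31));
        result |= TABLE[i] & mask;
    }
    return result;
}

/* Constant-time comparison: no early exit on the first differing byte. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return (int)(1u & (((uint32_t)diff - 1u) >> 8));
}

int main(void)
{
    printf("leaky=%02x ct=%02x\n", lookup_leaky(9), lookup_ct(9));
    printf("equal=%d\n", ct_equal(TABLE, TABLE, sizeof TABLE));
    return 0;
}
```

Compilers can reintroduce branches or indexed loads, so the generated assembly should be inspected before relying on code like this. It only removes secret-dependent addresses chosen by the program; a prefetcher that acts on the values stored in memory is outside what this discipline controls.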

The Breakthrough of the New Research

The breakthrough of the new research is that it exposes a previously overlooked behavior of DMPs in Apple silicon: Sometimes they confuse memory content, such as key material, with the pointer value that is used to load other data. As a result, the DMP often reads the data and attempts to treat it as an address to perform memory access. This “dereferencing” of “pointers”—meaning the reading of data and leaking it through a side channel—is a flagrant violation of the constant-time paradigm.

The Research Team

The team of researchers who discovered this vulnerability consists of:

  • Boru Chen, University of Illinois Urbana-Champaign
  • Yingchen Wang, University of Texas at Austin
  • Pradyumna Shome, Georgia Institute of Technology
  • Christopher W. Fletcher, University of California, Berkeley
  • David Kohlbrenner, University of Washington
  • Riccardo Paccagnella, Carnegie Mellon University
  • Daniel Genkin, Georgia Institute of Technology

In an email, they explained:

“Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is different in this sense as in addition to addresses it also uses the data values in order to make predictions (predict addresses to go to and prefetch). In particular, if a data value “looks like” a pointer, it will be treated as an “address” (where in fact it’s actually not!) and the data from this “address” will be brought to the cache. The arrival of this address into the cache is visible, leaking over cache side channels.”

Conclusion

This vulnerability in Apple’s M-series chips is a serious concern for the security of Macs and the data they hold. While mitigation strategies exist, they come with the cost of degraded performance. As technology continues to advance, it is crucial that we remain vigilant about potential vulnerabilities and work towards developing effective countermeasures. This incident serves as a reminder of the importance of robust security measures in our increasingly digital world. It also highlights the need for ongoing research and collaboration in the field of cybersecurity to identify and address such vulnerabilities. As users, staying informed about these issues is the first step towards protecting our data and devices. As the saying goes, forewarned is forearmed.
