Insights

It’s not just Apple’s M-series chips that are vulnerable to attack

Written by Penta | Apr 8, 2024 5:29:00 PM

A group of academic researchers have discovered a vulnerability in a commonly used processing chip, including Apple’s new M-series chips, which could leave users open to cyberattacks. The feature, called ‘data memory-dependent prefetcher’ could be exploited to steal secret encryption keys. 

Their findings have made headlines, particularly those around Apple’s chips, but the problem is wider. 

So, what does this mean for you?

What are Apple’s M-series chips?

ARM chips are in almost all computers – smartphones, personal computers, servers – and more. They are central to the device’s performance. While ARM chips are in almost every smartphone, Apple’s version of ARM chips is the M-series, which it has been using in various devices for years. 

From a user’s perspective, the M series, according to Apple, creates faster processing and uses less power.

The latest M-series chip had a new function called data memory-dependent prefetchers (DMP). It essentially analyses previous behaviour and predicts future searches, thus pre-saving it onto the cache to speed up future performance. 

Many devices, Apple and other manufacturers, already use DMP. 

What’s the problem with the latest M-series?

According to academic research, DMP chips and the M-series’s DMP function are vulnerable to a “GoFetch” attack. Essentially, by predicting future behaviour the chip could disclose information that could be stolen by hackers using side-channels. 

GoFetch attacks are complicated and have been used since 2022. 

In the paper, titled “GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers”, the researchers said:

“Microarchitectural side-channel attacks have shaken the foundations of modern processor design. The cornerstone defence against these attacks has been to ensure that security-critical programmes do not use secret-dependent data as addresses. Put simply: do not pass secrets as addresses to, e.g., data memory instructions. Yet, the discovery of data memory-dependent prefetchers (DMPs)—which turn programme data into addresses directly from within the memory system—calls into question whether this approach will continue to remain secure.”

Although Apple’s M-series is cited, the paper concludes: “the problem seemingly transcends specific processors and hardware vendors and thus requires dedicated hardware countermeasures”. 

In short, there is an easy fix. The flaw is fundamental to DMP, and would require a “drastic solution”.