TLDR:
Researchers have unveiled a new side-channel attack, GoFetch, that poses a severe threat to the security of Apple CPUs. The attack exploits Data Memory-dependent Prefetchers (DMPs) in modern processors to extract secret cryptographic keys from constant-time cryptographic implementations. It challenges previously assumed restrictions and existing defense mechanisms, showing the need for reevaluation and new strategies in processor design.
Article:
Researchers have recently discovered a new class of microarchitectural side-channel attacks known as GoFetch. This attack targets the security of Apple CPUs by exploiting the Data Memory-dependent Prefetchers (DMPs) present in modern processors to extract secret cryptographic keys from constant-time cryptographic implementations.
The GoFetch attack builds on an understanding of DMP behavior: the prefetcher can be activated on behalf of any program and will attempt to dereference any data brought into the cache that resembles a pointer. This behavior puts a significant amount of program data at risk and challenges previously assumed restrictions.
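A toy Python model of the behavior described above, added here as an illustration and not taken from the researchers' work or from any vendor: it shows why a branch-free routine whose own memory accesses do not depend on the secret can still leave secret-dependent cache state when a prefetcher dereferences pointer-like data. The cache-line size, the mapped address range, the pointer heuristic and all names and values are assumptions.

```python
# Toy model (assumed, heavily simplified): not a real DMP and not the researchers' code.
LINE = 64                      # assumed cache-line size in bytes
HEAP = range(0x1000, 0x9000)   # assumed range of mapped addresses
MASK64 = 0xFFFFFFFFFFFFFFFF

def looks_like_pointer(value):
    """Assumed heuristic: a value resembles a pointer if it falls in mapped memory."""
    return value in HEAP

class Core:
    def __init__(self, dmp_enabled):
        self.dmp_enabled = dmp_enabled
        self.cache = set()        # cache-line numbers currently resident
        self.program_trace = []   # addresses the program itself touched

    def store(self, addr, value):
        self.program_trace.append(addr)
        self.cache.add(addr // LINE)
        # The prefetcher inspects data entering the cache, not the instruction stream.
        if self.dmp_enabled and looks_like_pointer(value):
            self.cache.add(value // LINE)

def ct_select(bit, a, b):
    """Branch-free select: same instructions and addresses for bit 0 or 1."""
    mask = -bit & MASK64
    return (a & mask) | (b & ~mask & MASK64)

def run_victim(secret_bit, dmp_enabled):
    core = Core(dmp_enabled)
    pointer_like, plain = 0x4000, 0xDEADBEEF00   # constructed sample values
    core.store(0x2000, ct_select(secret_bit, pointer_like, plain))
    return core.program_trace, core.cache

def leaks(dmp_enabled):
    """True if cache state differs between secret bits despite identical traces."""
    trace0, cache0 = run_victim(0, dmp_enabled)
    trace1, cache1 = run_victim(1, dmp_enabled)
    assert trace0 == trace1    # the constant-time property holds either way
    return cache0 != cache1

if __name__ == "__main__":
    print("DMP on  -> secret-dependent cache state:", leaks(True))
    print("DMP off -> secret-dependent cache state:", leaks(False))
```

In this model the only difference between the two runs is the extra line fetched by the prefetcher, which is why reviewing code for secret-dependent branches and addresses alone does not rule out this class of leak.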
The GoFetch attack bypasses the cornerstone defense against side-channel attacks, constant-time implementation, highlighting the need for new strategies and defenses. The researchers reverse-engineered DMPs found on Apple CPUs and Intel’s latest architecture to develop attack primitives that do not require shared memory between attacker and victim, demonstrating the severity of the threat.
The attack's implications for processor design have raised concerns about the security of data memory-dependent prefetchers. The findings were disclosed to various organizations, with Apple investigating the proof of concept and industry responses suggesting short-term solutions and the need for hardware fixes in the long term.
This discovery serves as a reminder of the evolving cybersecurity threats and the continuous battle between attackers and defenders. As processors become more complex, research and proactive defense mechanisms are crucial to securing digital infrastructure against such vulnerabilities.