Unpatchable 'GoFetch' vulnerability in Apple Silicon chips exposes cryptographic keys
A new vulnerability has been discovered in Apple's M-series chips that enables attackers to extract secret keys from Macs during cryptographic operations, according to a paper published by academic researchers. The flaw, named GoFetch, is a side channel that allows for end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols.
The vulnerability lies in the microarchitectural design of the Apple Silicon chips themselves, meaning it cannot be patched directly. Mitigation can only be achieved by building defenses into third-party cryptographic software, which could significantly reduce the performance of M-series chips, especially the earlier M1 and M2 generations, when performing cryptographic operations.
GoFetch is a result of how processors with data memory-dependent prefetchers (DMPs) process information; such processors include Arm-compatible Apple Silicon chips and 13th-generation and newer Intel architectures. This behavior can lead to the disclosure of sensitive data to malware on a device. The research indicates that the DMP feature in Apple Silicon CPUs could bypass security measures in cryptographic software, potentially allowing attackers to access sensitive information, like a 2048-bit RSA key, in under an hour in some cases.
The flaw is inherent in M1, M2, and M3 chips. Since the flaw is part of the chip architecture, there's no way for Apple to rectify it in existing devices. Exploiting the vulnerability requires an attacker to trick a user into installing a malicious app. However, unsigned Mac apps are blocked by default, and the time required to execute an attack is substantial, ranging from 54 minutes to 10 hours in tests conducted by researchers.
End users concerned about this vulnerability should watch for GoFetch mitigation updates to macOS software that implements any of the four known vulnerable encryption protocols. As a precaution, it is advisable to assume that other cryptographic protocols may also be susceptible.

