GoFetch

GoFetch
	The GoFetch project logo
Date discovered	privately disclosed to Apple on 5 December 2023; 20 months ago, public announcement on 20 March 2024; 17 months ago
Discoverer	Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher W. Fletcher, David Kohlbrenner, Riccardo Paccagnella, Daniel Genkin
Affected hardware	Apple silicon CPUs (M1, M2, M3 and A14)
Website	https://gofetch.fail/

GoFetch is a family of cryptographic attacks on recent Apple silicon CPUs that exploits the CPU's on-chip data memory-dependent prefetcher (DMP) to investigate the contents of memory.^[2]^[1]

Attacks

CPUs affected include the M1, M2, M3 and A14 series system-on-a-chip processors.^[1]

The DMP looks at cache memory content for possible pointer values, and prefetches the data at those locations into cache if it sees memory access patterns that suggest following those pointers would be useful.^[3]^[4] The GoFetch attacks use those speculative cache fetches to undermine a number of different cryptographic algorithms by using memory access timings to exfiltrate data from those algorithms using timing attacks.

The authors of GoFetch state that they were unable to make their exploit work on the Intel Raptor Lake processor they tested due to its more limited DMP functionality.^[1]

References

^ ^a ^b ^c ^d ^e "GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers". gofetch.fail. Retrieved 2024-03-22.
^ "Apple Silicon chip flaw can leak encryption keys, say researchers". AppleInsider. 2024-03-21. Retrieved 2024-03-22.
^ "Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest". www.prefetchers.info. 2022-05-02. Retrieved 2024-03-30.
^ Vicarte, Jose Rodrigo Sanchez; Flanders, Michael; Paccagnella, Riccardo; Garrett-Grossman, Grant; Morrison, Adam; Fletcher, Christopher W.; Kohlbrenner, David (May 2022). Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest. 2022 IEEE Symposium on Security and Privacy (SP). San Francisco, CA, USA: IEEE. pp. 1491–1505. doi:10.1109/SP46214.2022.9833570. ISBN 978-1-6654-1316-9.

External links

Official website

[GoFetch-1] "GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers". gofetch.fail. Retrieved 2024-03-22.

[2] "Apple Silicon chip flaw can leak encryption keys, say researchers". AppleInsider. 2024-03-21. Retrieved 2024-03-22.

[Augury-3] "Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest". www.prefetchers.info. 2022-05-02. Retrieved 2024-03-30.

[4] Vicarte, Jose Rodrigo Sanchez; Flanders, Michael; Paccagnella, Riccardo; Garrett-Grossman, Grant; Morrison, Adam; Fletcher, Christopher W.; Kohlbrenner, David (May 2022). Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest. 2022 IEEE Symposium on Security and Privacy (SP). San Francisco, CA, USA: IEEE. pp. 1491–1505. doi:10.1109/SP46214.2022.9833570. ISBN 978-1-6654-1316-9.

[1]

[2]

[3]

[4]

GoFetch

GoFetch

GoFetch

Add your contribution

Hub overview

Root Wikipedia Article

GoFetch

Attacks

References

External links