GoFetch
| File:Gofetch.svg The GoFetch project logo | |
| Date discovered | privately disclosed to Apple on 5 December 2023,[1] public announcement on 20 March 2024[1] |
|---|---|
| Discoverer | Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher W. Fletcher, David Kohlbrenner, Riccardo Paccagnella, Daniel Genkin |
| Affected hardware | Apple silicon CPUs (M1, M2, M3 and A14) |
| Website | https://gofetch.fail/ |
GoFetch is a family of cryptographic attacks on some Apple silicon chips that exploits the CPU's on-chip data memory-dependent prefetcher (DMP) to investigate the contents of memory.[2][1]
Attacks
[edit | edit source]Chips affected include the M1, M2, M3 and A14 series systems-on-a-chip.[1]
The DMP looks at cache memory content for possible pointer values, and prefetches the data at those locations into cache if it sees memory access patterns that suggest following those pointers would be useful.[3][4] The GoFetch attacks use those speculative cache fetches to undermine a number of different cryptographic algorithms by using memory access timings to exfiltrate data from those algorithms using timing attacks.
The authors of GoFetch state that they were unable to make their exploit work on the Intel Raptor Lake processor they tested due to its more limited DMP functionality.[1]
References
[edit | edit source]- ^ a b c d e Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
External links
[edit | edit source]- Lua error in Module:Official_website at line 94: attempt to index field 'wikibase' (a nil value).