Overview of GoFetch Attack: It's a microarchitectural side-channel attack using data memory-dependent prefetchers (DMPs) to extract secret keys from constant-time cryptographic implementations on many Apple CPUs. It can target OpenSSL Diffie-Hellman, Go RSA, CRYSTALS Kyber and Dilithium.

• Updates: In December 2024, reverse engineered Intel DMP and new techniques; in August 2024, won Pwnie Award; in April 2024, found HID configuration bit to disable DMPs on m1 and m2 CPUs.

Frequently Asked Questions:

• Attack based on Apple's DMP in latest processors. Reverse-engineered DMP on m-series CPUs and found it activates and attempts to dereference data like pointers, violating constant-time programming paradigm.
• Exploit DMP by crafting inputs to cryptographic operations. Verify guesses through cache-timing analysis. Show end-to-end key extraction attacks on various cryptosystems.
• Mounted attacks on m1 processors and tested on m2 and m3 CPUs. Hypothesize other m-series variants have exploitable DMPs. Intel's 13th Gen Raptor Lake also has DMP with more restrictive activation criteria.
• Apple m-series DMP was first discovered by Augury, but its activation criteria are overly restrictive. GoFetch shows DMP is more aggressive and poses greater security risk.
• Modern processors use caches. Constant-time programming aims to harden code against side-channel attacks. DMP generates secret-dependent memory access on victim's behalf, making code susceptible to attacks.
• Prefetchers predict memory addresses. DMP considers memory content to handle irregular access patterns, mixing data and memory addresses and enabling the attack.
• Assessing vulnerability requires cryptanalysis and code inspection. Some processors have bits to disable DMP.