
Augury is a Novel Microarchitectural Attack Affecting Apple Silicon


Researchers from the University of Illinois Urbana-Champaign, the University of Washington, and Tel Aviv University have described an attack, dubbed Augury, that leaks data at rest on recent processors from Apple, including the A14 and the M1 family.

Augury could be the first of a novel kind of attack that leaks data at rest in memory, i.e. before it even reaches the processor core. This opens a completely different scenario from the one we have come to know with side-channel vulnerabilities, which may leak data in use, i.e. data that is accessed and transmitted through an unsafe operation.

According to the researchers, the possibility of leaking data at rest is brought on by special microarchitectural optimizations such as silent stores, cache compression, and data memory-dependent prefetchers (DMPs). Until now, though, they say, data-at-rest attacks have only been a theoretical possibility. Augury seems to demonstrate for the first time that this kind of exploit is possible in the wild, specifically using a DMP.

In fact, the Apple M1, M1 Max, M1 Pro, and A14 processors all provide an Array-of-Pointers (AoP) prefetcher, used to prefetch the result of dereferencing those pointers in advance of their actual use. This mechanism is able to dereference memory locations beyond the array boundaries.

This act of dereferencing the out-of-bounds pointer (potentially even if it is not actually a pointer!) creates a memory side channel that an attacker can use to learn the pointer.
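To make the mechanism concrete, here is a toy model of an array-of-pointers prefetcher written for this article (it is not the researchers' code and not Apple's microarchitecture; the word size, the "valid virtual address" window, the prefetch depth and the sample memory layout are all assumed). The program walks an in-bounds pointer array, while the modelled DMP reads slots past the last element and, only if a slot looks like a valid virtual address, dereferences it; the set of addresses cached solely because of the prefetcher is then a function of a word the program never loaded.

```python
# Toy model of an array-of-pointers (AoP) prefetcher. Constructed for this
# article: not Apple's implementation, and every parameter here is assumed.
WORD = 8
VALID_LO, VALID_HI = 0x1000, 0x8000   # assumed "valid virtual address" window

def is_valid_va(value):
    return VALID_LO <= value < VALID_HI

def architectural_loads(mem, base, n):
    """Addresses the program itself loads: arr[0..n-1] and the targets *arr[i]."""
    touched = set()
    for i in range(n):
        slot = base + i * WORD
        touched.add(slot)
        touched.add(mem[slot])
    return touched

def aop_prefetches(mem, base, n, depth):
    """Addresses the modelled DMP touches: it reads `depth` slots ahead of the
    program (past the last element too) and follows any valid-looking address."""
    touched = set()
    for i in range(n):
        for k in range(1, depth + 1):
            slot = base + (i + k) * WORD
            if slot not in mem:
                continue                  # unmapped: nothing to prefetch
            touched.add(slot)
            if is_valid_va(mem[slot]):
                touched.add(mem[slot])
    return touched

def data_at_rest_leak(mem, base, n, depth):
    """Addresses cached only because of the prefetcher: never loaded by the
    program, yet dependent on the word stored just past the array (data at rest)."""
    return aop_prefetches(mem, base, n, depth) - architectural_loads(mem, base, n)

def build_memory(base, pointers, beyond):
    # Constructed sample memory: the pointer array, then the words after it.
    mem = {base + i * WORD: p for i, p in enumerate(pointers)}
    for i, v in enumerate(beyond):
        mem[base + (len(pointers) + i) * WORD] = v
    return mem

if __name__ == "__main__":
    base, ptrs = 0x2000, [0x3000, 0x3100, 0x3200, 0x3300]
    # A pointer-looking word at rest past the array gets dereferenced (its value leaks) ...
    print(sorted(map(hex, data_at_rest_leak(build_memory(base, ptrs, [0x4500]), base, 4, 2))))
    # ... while a word that is not a valid address is only read, never followed.
    print(sorted(map(hex, data_at_rest_leak(build_memory(base, ptrs, [0x42]), base, 4, 2))))
```

The second case mirrors the limitation the researchers describe: when the out-of-bounds content is not a valid virtual address, the modelled prefetcher reads the slot but does not follow it, so nothing about its value reaches the cache footprint.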

While it has been shown theoretically that DMPs may have disastrous security implications, this does not seem to be the case for Apple's CPUs. First off, given the absence of documentation about the Apple M1 AoP, it is not trivial for an attacker to find the activation pattern. As David Kohlbrenner, one of the researchers who uncovered Augury, explains, the kind of DMP enabled by Apple CPUs is "about the weakest DMP an attacker can get":

It only prefetches when content is a valid virtual address, and has a number of odd limitations. We show this can be used to leak pointers and break ASLR. We believe there are better attacks possible.

Additionally, the researchers remark, sandboxing is a well-known technique that already assumes that an attacker could leak any value in the virtual address space. For this reason, sandboxed systems appear to be safe from the M1 DMP. This does not mean that the attack should not be taken seriously, since existing non-sandboxed programs and kernels could be affected and leak data in their address spaces.

The scenario opened up by Augury is completely new, both for attackers and defenders. The relative novelty of DMP vulnerabilities means that little information is available to understand how they could be exploited, yet it will trigger new efforts to devise new exploitation scenarios, the researchers say. For defenders, the existence of DMPs will require new approaches to protect data that is not being operated on.
