Uncovering Software-Based Power Side-Channel Attacks on Apple M1/M2 Systems
Nikhil Chawla, Chen Liu, Abhishek Chakraborty, Igor Chervatyuk, Ke Sun, Thais Moreira Hamasaki, Henrique Kawakami

TL;DR
This paper demonstrates that software-based power side-channel attacks are feasible on Apple M1/M2 systems by exploiting the System Management Controller, enabling data recovery from cryptographic operations without physical access.
Contribution
It reveals the vulnerability of Apple silicon to software-based power side-channel attacks and analyzes how on-chip power meters can be exploited via software interfaces.
Findings
Successful recovery of AES keys from unprivileged applications
Feasibility of frequency throttling side-channel attacks on Apple silicon
Discussion on industry impact and countermeasures
Abstract
Traditionally, power side-channel analysis requires physical access to the target device, as well as specialized devices to measure the power consumption with enough precision. Recent research has shown that on x86 platforms, on-chip power meter capabilities exposed to a software interface might be used for power side-channel attacks without physical access. In this paper, we show that such software-based power side-channel attacks are also applicable on Apple silicon (e.g., M1/M2 platforms), exploiting the System Management Controller (SMC) and its power-related keys, which provide access to the on-chip power meters through a software interface to user space software. We observed data-dependent power consumption reporting from such SMC keys and analyzed the correlations between the power consumption and the processed data. Our work also demonstrated how an unprivileged user mode…
Taxonomy
Topics: Cryptographic Implementations and Security · Security and Verification in Computing · Advanced Malware Detection Techniques
