Side channel attacks take bite out of Apple silicon with iLeakage exploit

University researchers have developed a novel exploit that can steal information from virtually all modern Apple Macs, iPhones, and iPads.

Dubbed “iLeakage,” the exploit targets WebKit, the JavaScript engine that powers Apple’s Safari browser, and is reminiscent of the Meltdown and Spectre attacks of 2018.

The research shows how a remote attacker could steal secrets such as Gmail inbox data, text messages, password manager-supplied credentials via autofill fields, and other miscellaneous information like watch histories from YouTube.

The attack can be launched against Macs, iPhones, and iPads running Apple’s A-series or M-series chips. For macOS, the attack only works on Safari, but for iOS and iPadOS, there’s a much larger attack surface.

As Apple requires all browsers on its App Store to be based on WebKit, third-party browsers on Apple devices, like Chrome and Firefox, are essentially just Safari with proprietary wrappers on them that add functionality, and are therefore vulnerable to the attack.

The researchers disclosed their findings to Apple on September 12, 2022, 408 days before publicly releasing them.

A mitigation for the attack is available to users, but researchers noted this only applies to macOS, isn’t enabled by default, and is currently marked as unstable.

The Register approached Apple for comment but did not receive a response.

How iLeakage works

Meltdown and Spectre are the two most famous side channel attacks (SCAs) and iLeakage is similar in that secrets are stolen after being leaked through a side channel.

Most vulnerabilities are the result of software defects, but side channels are hardware-based and can take many forms. Data can be leaked through sound, a device’s power rails, electromagnetic radiation, and other means.

The side channel exploited in iLeakage lies within the speculative execution feature of Apple’s chips. In fact, speculative execution is a feature of most modern CPUs that offers performance benefits.

It involves a CPU predicting what tasks will be demanded of it before instructions are given, all in a bid to create a faster experience for the end user.

A key part of speculative execution is that if the CPU mispredicts a task – it thinks it’s going to be asked to do something, does the first part of it to speed things along, but then isn’t asked to do it – the CPU should revert to the state it was in before it performed the pre-executions.

This is the mechanism exploited by Spectre attacks, which involve manipulating CPUs into pre-executing incorrect instructions that depend on sensitive data. That data can then be inferred through a side channel even after the CPU realizes its mistake and reverts to its previous state.

Since Meltdown and Spectre were announced, browser vendors have implemented measures to secure their products against these types of attacks. Apple is no different, and implements a number of side channel hardening measures including site isolation, 35-bit addressing, and a low-resolution timer.

Safari’s site isolation is designed to let no two tabs share a rendering process, assigning one new process to each tab until memory runs out.

Speculative execution attacks depend on an attacker being able to get a target page, such as a Gmail inbox, into the same address space as a malicious website the attacker controls, which is then used to steal the victim’s secrets.

The researchers were able to circumvent this site isolation countermeasure by binding the window.open JavaScript API to the onmouseover event listener, meaning they were able to open any website they wanted and extract data from it as long as the user’s cursor was on the page.

Despite site isolation countermeasures preventing two tabs from being rendered in the same process, researchers found that an attacker-controlled site can call the window.open method and open the target page in the same process, in turn allowing the speculative execution-based SCA to be carried out.
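The site-isolation bypass above hinges on the attacker page keeping a window.opener link to the target it opened. As an added defender-side example, not code from the article or from the iLeakage researchers, the following checks whether a site’s own response headers carry a Cross-Origin-Opener-Policy that severs that link; whether a given WebKit build also backs this with a separate rendering process is not stated on the page and is an assumption here.

```javascript
// Added example: evaluate whether a site's response headers sever the
// window.opener relationship that an attacker-opened tab would rely on.
// Assumption: the browser honours Cross-Origin-Opener-Policy (COOP); the
// article does not say how WebKit maps COOP onto process placement.

// COOP values that place a cross-origin-opened document in a new browsing
// context group, leaving window.opener null in the opened page.
const ISOLATING_COOP = new Set(["same-origin", "same-origin-allow-popups"]);

// Case-insensitive header lookup; returns the bare directive or null.
function headerValue(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  if (key === undefined) return null;
  // Drop parameters such as '; report-to="endpoint"' and surrounding space.
  return String(headers[key]).split(";")[0].trim().toLowerCase();
}

// Returns { isolated, reason } for one set of response headers.
function assessOpenerIsolation(headers) {
  const coop = headerValue(headers, "cross-origin-opener-policy");
  if (coop === null) {
    return { isolated: false,
             reason: "no Cross-Origin-Opener-Policy; opened page keeps window.opener" };
  }
  if (!ISOLATING_COOP.has(coop)) {
    return { isolated: false,
             reason: `COOP '${coop}' does not isolate from a cross-origin opener` };
  }
  return { isolated: true,
           reason: `COOP '${coop}' moves the page into a new browsing context group` };
}

// Constructed sample headers: the weak configuration beside the corrected one.
const WEAK_HEADERS = { "Content-Type": "text/html", "X-Frame-Options": "DENY" };
const HARDENED_HEADERS = {
  "Content-Type": "text/html",
  "X-Frame-Options": "DENY",
  "Cross-Origin-Opener-Policy": "same-origin",
};

for (const [label, h] of [["weak", WEAK_HEADERS], ["hardened", HARDENED_HEADERS]]) {
  const r = assessOpenerIsolation(h);
  console.log(`${label}: isolated=${r.isolated} (${r.reason})`);
}
```

The same check can be run against live headers from a fetch of the site’s login or inbox page; a page that reports isolated=false still exposes window.opener to whichever cross-origin page opened it.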

That’s the first breakthrough achieved. The second was to bypass WebKit’s 35-bit addressing and value positioning countermeasures by exploiting a speculative confusion vulnerability – something the researchers believe to be a first for Apple’s ecosystem.

Here, the researchers created a primitive that could speculatively read and leak any 64-bit pointer within Safari’s rendering process, they said.

Finally, Safari’s low-resolution timer was also bypassed, in two different ways. The researchers created a gadget that could distinguish individual cache hits from cache misses even with Apple’s coarse timers, and they also developed a timer-less variant based on race conditions.

With all the countermeasures bypassed and the conditions for a speculative execution attack in place, a real-world exploit of this would depend on a victim visiting an attacker-controlled web page set up to exploit iLeakage.

In all the specific attacks, such as on Gmail, the victim would already have to be logged into that service for an attacker to be able to steal information.

In the case of a password manager’s credentials being stolen, this depends on autofill working to the attacker’s advantage. The researchers were able to demonstrate in Safari, on a machine with LastPass 4.107.1 installed, that passwords could be stolen from autofilled fields.

This would only work if the victim has used the autofill feature to log in before as LastPass requires user interaction when autofilling credentials to a service for the first time.

Text messages could also be stolen if the victim uses an Android-based phone that’s paired with the Google Messages platform. Researchers showed that by opening Google Messages in a browser an attacker could leak text messages without targeting the phone itself.

The real-world applicability of this attack is fairly low. For starters, most users would close a tab they didn’t open themselves almost immediately. Since an attacker-opened tab is required for an iLeakage attack, that is a big limitation.

In attack scenarios on iPad, for example, the researchers showed that to steal Gmail data a victim would have to visit an attacker-controlled website and tap somewhere on that site that would open their Gmail inbox in a new tab.

Again, to many, this would set off alarm bells and prompt the user to shut both sites down, ending the attack.

The speed of data exfiltration is also pretty glacial. Researchers were able to extract secrets at a rate of 24-32 bits per second, and judging by the video demonstrations, it took five minutes for the attacker-controlled site to recover the targeted data, limiting iLeakage’s real-world applications.

Unsurprisingly, the researchers said they weren’t aware of this attack being exploited before, not just for the speed of it but also the high degree of technical understanding required to execute it.

That said, the accuracy of data exfiltration was impressive and ranged between 90 and 99 percent depending on which device was targeted, we’re told. If the attacker was able to trick a user into letting this lengthy attack take place on their device, they would be confident that anything returned would be valuable. ®
