iLeakage updates Spectre for novel info-stealing side-channel attack

A new proof of concept (PoC) exploit called iLeakage has been demonstrated by a group of US and German university professors to steal sensitive user data from Apple devices by improving on the side-channel attack techniques used by Spectre and Meltdown, which alarmed CISOs when the vulnerabilities first surfaced in 2018.

While the researchers remain unaware of any iLeakage exploitation in the wild, and note it would take a high level of technical understanding to recreate it, they point out that their novel exploit shows that vulnerabilities to side-channel attacks still exist.

“iLeakage shows that the Spectre attack is still relevant and exploitable, even after nearly 6 years of effort to mitigate it since its discovery,” said the researchers in an overview of their PoC white paper, posted last week.

The iLeakage PoC has managed to steal private data including Gmail content, text messages, login details filled by password managers, and YouTube watch histories on target machines. Affected devices include machines running macOS or iOS with Apple’s A-series or M-series CPUs, including recent iPhones and iPads, as well as Apple’s laptops and desktops from 2020 and onwards, according to the researchers.

“We show (through iLeakage) how an attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution,” the researchers said. “In particular, we demonstrate how Safari allows a malicious webpage to recover secrets from popular high-value targets, such as Gmail inbox content.”

Side channel attack uses WebKit

iLeakage performs its side channel attack in part by targeting WebKit, the JavaScript engine powering Apple’s Safari browser. Users of macOS devices who use other browsers such as Chrome, Firefox, and Edge — which incorporate different JavaScript engines — are not susceptible to iLeakage. But iOS-based devices — essentially, iPhones and iPads — are a different story.

As a result of Apple’s sandboxing policies and techniques for iOS devices, the researchers say, other browsers for iOS devices must use the Safari JavaScript engine, and so iPhones and iPads with the vulnerable CPUs are all affected no matter which browser is being used.

Side channel attacks exploit systems that leak data in different ways. In the case of iLeakage, essentially an improved version of Spectre and Meltdown, the side channel that is targeted is derived from the CPU microarchitecture.

iLeakage exploits CPU speculative execution

As with the Spectre and Meltdown side channel attacks, iLeakage targets a widely known vulnerability that exploits the so-called speculative execution mechanism in modern processors, which Apple silicon also uses. Speculative execution allows CPUs to execute predicted tasks before they have actually been asked to do so, in order to have some output ready when the program needs it.

Attacks that exploit speculative execution employ software that forces CPUs to execute a flow of instructions that may depend on sensitive data, which is then stored in temporary caches. These attacks then use the caches as side channels from which they exfiltrate the sensitive information.
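The pattern described above, and the kind of hardening that "software makers" apply against it, can be shown on a small scale. The following C program is an added illustration and is not code from the iLeakage paper or from Apple: `lookup_unhardened` is the textbook bounds-checked array read followed by a data-dependent load (the shape a speculative-execution attack needs, since the branch may be predicted "in range" and the loads run before the check resolves), and `lookup_hardened` applies branchless index masking in the style of Linux's `array_index_mask_nospec()` so that even a mispredicted path can only ever load index 0. The array contents, sizes and function names are constructed for the demonstration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: a small public array. Anything the linker
 * places after it is what an out-of-range speculative read could touch. */
#define PUBLIC_LEN 16
static const uint8_t public_array[PUBLIC_LEN] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };

/* A 256-entry table, one 64-byte cache line per entry. Touching
 * probe_table[value * 64] leaves "value" encoded in cache state, which
 * is the side channel the attacks in the article later read out. */
static uint8_t probe_table[256 * 64];

static void touch_cache_line(uint8_t value) {
    volatile uint8_t *probe = probe_table;   /* volatile: keep the load */
    (void)probe[(size_t)value * 64];
}

/* Textbook shape of a Spectre-v1 gadget. Architecturally correct, but
 * the CPU may predict "idx < PUBLIC_LEN" and speculatively perform both
 * loads with an out-of-range idx before the comparison resolves. */
uint8_t lookup_unhardened(size_t idx) {
    if (idx < PUBLIC_LEN) {
        uint8_t value = public_array[idx];
        touch_cache_line(value);
        return value;
    }
    return 0;
}

/* Branchless mask: all ones when idx < size, zero otherwise.
 * Same construction as Linux's array_index_mask_nospec(): the OR has its
 * top bit set exactly when (size - 1 - idx) wrapped around, i.e. when
 * idx >= size. Assumes idx and size are below 2^(bits-1) and size >= 1,
 * and relies on an arithmetic right shift of a signed value (gcc/clang). */
size_t index_mask_nospec(size_t idx, size_t size) {
    intptr_t v = (intptr_t)(idx | (size - 1 - idx));
    return (size_t)(~v >> (sizeof(intptr_t) * CHAR_BIT - 1));
}

/* Clamp idx to 0 when it is out of range, without a branch the predictor
 * could skip. The data dependency on the mask holds under speculation. */
size_t clamp_index_nospec(size_t idx, size_t size) {
    return idx & index_mask_nospec(idx, size);
}

/* Hardened variant: same architectural behaviour as lookup_unhardened,
 * but a mispredicted branch can now only ever load public_array[0]. */
uint8_t lookup_hardened(size_t idx) {
    if (idx < PUBLIC_LEN) {
        idx = clamp_index_nospec(idx, PUBLIC_LEN);
        uint8_t value = public_array[idx];
        touch_cache_line(value);
        return value;
    }
    return 0;
}

int main(void) {
    size_t probes[] = { 0, 3, 15, 16, 1000 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("idx=%4zu mask=%#zx clamped=%zu unhardened=%u hardened=%u\n",
               probes[i],
               index_mask_nospec(probes[i], PUBLIC_LEN),
               clamp_index_nospec(probes[i], PUBLIC_LEN),
               lookup_unhardened(probes[i]),
               lookup_hardened(probes[i]));
    }
    return 0;
}
```

Running the program only shows the architectural results, which are identical for both lookups; the difference lies in what a mispredicted path can reach, which is exactly what timing-based side channels observe and what the masking denies them. The mask trick is one of several hardenings (alongside fences and, in browsers, coarse timers and process isolation) and only protects the gadget it is applied to.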

Software makers including Apple have hardened browsers against speculative execution attacks, the researchers pointed out. But after reverse-engineering the Apple CPU cache organization, the researchers developed a software gadget. “We use this gadget as both a test to generate cache eviction sets and as a covert channel,” the researchers said, adding that they then applied the gadget’s techniques to the Safari browser.

“Ultimately, we achieve an out-of-bounds read anywhere in the address space of Safari’s rendering process.”

Speculative execution attacks generally rely on timing measurements of each speculatively executed task to help extract sensitive information. That’s because speculatively executed instructions can access data and cache lines, and the timing of these memory accesses can reveal information to an attacker.

The researchers note, however, that recording granular cache hit and miss times has been made difficult on Apple silicon, since the company implements low-resolution (i.e., coarse-grained) timers in both native and browser-based environments. A hit is every time requested data is found in the cache, and a miss is every time it is not and must be fetched from slower memory.

Circumventing Safari defenses

Using a novel approach, the researchers circumvented the timer issue by taking into account that cache misses and hits have different sizes of speculation windows — the duration or number of instructions that can be speculatively executed. This allowed them to devise a “timer-less” primitive that distinguishes cache hits from misses through a so-called race condition, without depending on a timer-based primitive.

Speculative execution attacks rely on the ability of an attacker to manipulate a target page and incorporate it into the memory space of a malicious website under the attacker’s control. So attackers using iLeakage must lure victims to a specially crafted website. The attack executes when the victim taps on the malicious site.

In developing iLeakage, the researchers found a way to overcome Safari’s site isolation feature, which is intended to ensure that each tab has its own dedicated rendering process, allocating a new process for each tab until memory constraints are reached. The researchers bypassed this security measure by binding the window.open JavaScript API to the onmouseover event listener. This allows the malicious website to open any website as a target page — a Gmail login page, for example.

This bypass also allows the malicious website to call the window.open JavaScript method to open the target page in the same process as the attacker-controlled site — in other words, allowing the malicious website to observe legitimate memory accesses as the victim machine interacts with the target page — and launch the speculative execution side channel.

The iLeakage attack has a significant limitation: it requires the victim not to close the target page opened by the malicious website.

The researchers note that Apple has implemented a mitigation for iLeakage, but only on macOS devices that use Ventura 13.0 and higher. The mitigation is not turned on by default, and they explain how to turn it on in a FAQ contained in an overview of the PoC.

A detailed technical explanation of iLeakage is presented in a white paper published by the researchers.