This attack method, called "GoFetch" by discoverers, does not require administrative access and is concerned that attackers will find it easier to exploit this vulnerability.
According to the development team, "we are not concerned about the value of the data that is prefetched, but the fact that the intermediate data looks like an address is enough to map through the cache channel and reveal the #private key over time. " "This revelation is of particular concern to #cryptocurrency holders, as the private key is the foundation of digital wallet and transaction security.
The impact of GoFetch is so great that it affects not only traditional encryption protocols, but also protocols designed to protect against quantum computing attacks. This puts at risk a wide range of cryptographic keys such as RSA and Diffie-Hellman, as well as post-quantum algorithms such as Kyber-512 and Dilithium-2.
The researchers report that "it takes the GoFetch application less than 1 hour to extract a 2048-bit RSA key and more than 2 hours to extract a 2048-bit Diffie-Hellman key.
Fixing this vulnerability is a major challenge due to the nature of the hardware. Software-based protections can be developed, but performance is often degraded, especially on devices with older M-series chips.
Cryptocurrency developers running on M1 and M2 processors [. "Other protection measures must be used, but most are associated with significant performance degradation," the researchers said, pointing out the difficult road ahead for both developers and users.
Apple has yet to release the results of the GoFetch survey, so the tech community and cryptocurrency users are eagerly awaiting the responses. In the meantime, researchers advise end users to keep an eye out for software updates that specifically address this vulnerability.
Given the slow process required to manually assess implementation vulnerabilities, the cryptocurrency community faces a period of uncertainty and increased risk.
Jake Simmons has been interested in #Bitcoin since 2016.
Read us at: Compass Investments