Attention Apple Mac Users: Your Cryptos May Be At Risk
Apple's M-series processors may be vulnerable to a new vulnerability that might expose crypto users' private keys. The microarchitecture of these chips has this weakness, which Ars Technica originally uncovered and a study by top US university academics explained.
Beware Mac Users: Crypto Owners Need This
A side channel in the chip's data memory-dependent prefetcher (DMP), which boosts computing performance, causes the vulnerability. This feature accidentally permits the extraction of secret keys during cryptographic operations, which is crucial to cryptocurrency and other digital transaction security.
The researchers said, “We don't care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.” This revelation worries bitcoin investors since private keys secure digital wallets and transactions.
GoFetch has major ramifications for both regular and quantum-resistant encryption methods. This threatens RSA, Diffie-Hellman, Kyber-512, and Dilithium-2 cryptographic keys.
The researchers noted that “The GoFetch app requires less than an hour to extract a 2048-bit RSA key and a little over two hours to extract a 2048-bit Diffie-Hellman key,” demonstrating its efficiency and risk.
This hardware-based vulnerability is difficult to mitigate. However, software-based protections typically reduce performance, especially on devices with older M-series CPUs.
The researchers stated that cryptographic software writers using M1 and M2 processors would need to deploy additional protections, which sometimes result in considerable performance penalties, adding to the challenges for both developers and consumers.
Apple has not commented on the GoFetch revelations, leaving tech and crypto users hungry. In the meanwhile, experts encourage users to watch for software upgrades that fix this issue.
