Discovered an Apple M-Series chip security vulnerability that could potentially endanger cryptocurrency private keys.
On the same day, the US Department of Justice (DOJ) filed an antitrust case against the iPhone manufacturer. The agency alleges monopolistic practices harm consumers, developers and competitors.
Apple's M-Series Chip Security Vulnerability
The research team identified the prefetcher vulnerability based on the data memory (DMP) of the M-Series chip.
Expert George explains that DMP is a hardware optimization that predicts and preloads data into the CPU cache. However, it runs into problems when it occasionally confuses sensitive data. The M-Series chip's DMP appears to be mistaking private keys for memory addresses.
This phenomenon is called “dereferencing pointers.” It creates a vulnerability known as “side-channel attacks.”
Researchers have demonstrated the ability to extract other cryptographic keys (including RSA, Diffie-Hellman, Kyber, and Dilithium) in 1 to 10 hours using the GoFetch attack. This attack needs the target and malicious applications to operate on the same CPU.
To attack, it is necessary to provide input to the cryptocurrency application and perform operations to gradually reveal private keys. This is interactive, not passive. It must bypass macOS's security measures to execute on the system.
Unfortunately, fixing this error is not simple. Because it comes from the microarchitectural design of the M-Series chip line. Currently it is almost impossible to patch. However, implementing third-party defenses can minimize the risk.
Apple Entangled in Legal Troubles
US regulators have filed a lawsuit against Apple over its business model of “walled garden.” This helped Apple establish an illegal monopoly on the smartphone market.
The lawsuit accuses Apple of implementing “rules and restrictions in its development agreements that allow Apple to collect higher fees and hinder innovation.” This also provides a less secure user experience or limits competitive options.
These suppression rules are implemented across diverse products.
Members of the cryptocurrency community have highlighted the importance of this lawsuit. Tribes Protocol founder Hish Bouabdallah said:
“If Apple loses this fight, it could pave the way for cryptocurrency transactions in the US. It is very possible that we will be able to make transactions seamlessly using services like Coinbase Wallet with just a double tap and FaceID.”