0
0
Significant Vulnerability Discovered in Apple’s M-Series Chips
Academic researchers recently uncovered a substantial vulnerability within Apple’s M-series computing chips, putting the security of private crypto keys at risk.
Identifying the Vulnerability
The research team pinpointed the data memory-dependent prefetcher (DMP) vulnerability present in the chips. This hardware optimization anticipates and preloads data into the CPU cache before it is needed. However, it occasionally mistakes sensitive data, such as encryption keys, for memory addresses, leading to a phenomenon known as “dereferencing pointers” and creating a vulnerability for “side-channel attacks.”
Through a GoFetch attack, the researchers were able to extract various encryption keys, including RSA, Diffie-Hellman, Kyber, and Dilithium, within 1 to 10 hours. This type of exploit requires targeted and malicious crypto apps to run on the same CPU cluster.
For the attack to be successful, the malicious app must provide inputs to the crypto app, directing it to execute operations and gradually leaking the encryption key. This interactive exploit must bypass macOS security measures to operate on the system.
Unfortunately, rectifying this flaw is complex as it stems from the microarchitectural design of the chips, making it impossible to patch. However, implementing defensive measures within third-party encryption software can help mitigate the risk.
Legal Challenges for Apple
Simultaneously, the US Department of Justice filed an antitrust case against Apple on the grounds of alleged monopoly practices that harm consumers, developers, and competitors. This legal action, supported by 16 state attorney generals, accuses Apple of establishing an illegal monopoly in the smartphone market through its “walled garden” business model.
The lawsuit alleges that Apple has enforced restrictive rules and guidelines in its App Store, developer agreements, and various products like text messaging, smartwatches, and digital wallets. These regulations are claimed to enable Apple to charge higher fees, stifle innovation, offer a less secure user experience, and limit competitive alternatives.
Members of the crypto community have emphasized the significance of this legal battle for the industry. Hish Bouabdallah, the founder of Tribes Protocol, noted that a potential Apple loss could open the door for crypto payments in the US, allowing seamless transactions through services like Coinbase Wallet with just a double tap and FaceID.
Image/Photo credit: source url
