New Vulnerability in Apple MacBook Allows Hackers to Steal Cryptos

Updated by Harsh Notariya

In Brief

  • Researchers find severe flaw in Apple M-series chips, risking crypto asset security.
  • GoFetch attack on MacBooks leverages data prefetcher flaws, bypassing encryption.
  • Mitigating new MacBook vulnerability may slow crypto operations, demand more power.

In a recent academic breakthrough, researchers have exposed a severe vulnerability within Apple’s M-series chips, primarily affecting the security of crypto assets.

This flaw, detailed in a publication by scholars from prestigious institutions, enables attackers to access secret keys during cryptographic operations.

How MacBooks Are Vulnerable to Crypto Hacks

The issue is deeply ingrained in the microarchitecture of Apple’s M1 and M2 chips. Consequently, a direct patch is impossible. Instead, mitigation requires adjustments in third-party cryptographic software, potentially compromising performance.

At the heart of this vulnerability is the data memory-dependent prefetcher (DMP) in these chips. This feature aims to predict and pre-load data, thus minimizing CPU and memory latency.

However, the DMP’s unique behavior can mistakenly interpret memory content as pointer addresses, leading to unintended data leakage through side channels.

Experts like Boru Chen from the University of Illinois Urbana-Champaign and Yingchen Wang from the University of Texas at Austin explain that attackers can exploit this prefetcher’s behavior. They achieve this by crafting inputs that the DMP erroneously recognizes as addresses, thus indirectly leaking encryption keys. This process is central to the newly identified GoFetch attack.

“Our key insight is that while the DMP only dereferences pointers, an attacker can craft program inputs so that when those inputs mix with cryptographic secrets, the resulting intermediate state can be engineered to look like a pointer if and only if the secret satisfies an attacker-chosen predicate,” the researchers explained.

Remarkably, GoFetch does not require root access to execute. It operates with standard user privileges on macOS systems.

The attack has proven effective against both conventional and quantum-resistant encryption methods, extracting keys within a timeframe that varies by cryptographic protocol.

Developers facing this threat must implement robust defenses that, while effective, could significantly slow down processor performance during cryptographic tasks.

One such mitigation tactic, ciphertext blinding, though potent, could require much more computational power, particularly affecting specific key exchanges.
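
Ciphertext blinding, illustrated with textbook RSA as an added example (not code from the researchers or from any affected library). The toy key, the function names and the choice of RSA are assumptions for illustration; the article does not say which schemes use this mitigation.

```python
import math
import secrets

# Constructed toy key from two Mersenne primes; far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (the secret)


def decrypt_unblinded(c):
    """Textbook RSA: the secret exponent operates directly on the
    caller-chosen ciphertext, so intermediate state is attacker-influenced."""
    return pow(c, D, N)


def decrypt_blinded(c):
    """RSA decryption with ciphertext blinding.
    Returns (plaintext, blinded ciphertext actually fed to the secret op)."""
    # Fresh random r per call, invertible mod N.
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    # Blind: c' = c * r^e mod N, unpredictable to whoever chose c.
    c_blind = (c * pow(r, E, N)) % N
    # Secret operation on the blinded value: (c * r^e)^d = m * r mod N.
    m_blind = pow(c_blind, D, N)
    # Unblind with r^-1 mod N. The extra exponentiation, inverse and
    # multiplications are the performance cost of the mitigation.
    return (m_blind * pow(r, -1, N)) % N, c_blind


def demo(message=123456789):
    # Encrypt a constructed sample message, then decrypt it three ways.
    c = pow(message, E, N)
    m1, b1 = decrypt_blinded(c)
    m2, b2 = decrypt_blinded(c)
    return decrypt_unblinded(c), m1, m2, b1, b2, c


if __name__ == "__main__":
    plain, m1, m2, b1, b2, c = demo()
    print("unblinded:", plain, "blinded:", m1, m2)
    print("same ciphertext, different secret-op inputs:", b1 != b2)
```

Both paths return the same plaintext, but with blinding the value combined with the private exponent changes on every call, so the party supplying the ciphertext no longer controls the intermediate state.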

The GoFetch disclosure comes amid a broader rise in digital threats, especially for crypto holders. Recent disclosures have pointed to significant security gaps in iOS and macOS, exploited for crypto scams.

Institutions like the National Institute of Standards and Technology and cybersecurity experts have highlighted the vulnerabilities in widely used apps and operating systems, advocating for heightened user caution and prompt system updates.
