
New Vulnerability in Apple MacBook Allows Hackers to Steal Cryptos

Updated by Harsh Notariya

In Brief

  • Researchers find severe flaw in Apple M-series chips, risking crypto asset security.
  • GoFetch attack on MacBooks leverages data prefetcher flaws, bypassing encryption.
  • Mitigating new MacBook vulnerability may slow crypto operations, demand more power.

In a recent academic breakthrough, researchers have exposed a severe vulnerability within Apple’s M-series chips, primarily affecting the security of crypto assets.

This flaw, detailed in a publication by scholars from prestigious institutions, enables attackers to access secret keys during cryptographic operations.

How MacBooks Are Vulnerable to Crypto Hacks

The issue is deeply ingrained in the microarchitecture of Apple’s M1 and M2 chips. Consequently, a direct patch is impossible. Instead, mitigation requires adjustments in third-party cryptographic software, potentially compromising performance.

At the heart of this vulnerability is the data memory-dependent prefetcher (DMP) in these chips. This feature aims to predict and pre-load data, thus minimizing CPU and memory latency.

However, the DMP’s unique behavior can mistakenly interpret memory content as pointer addresses, leading to unintended data leakage through side channels.

Experts like Boru Chen from the University of Illinois Urbana-Champaign and Yingchen Wang from the University of Texas at Austin explain that attackers can exploit this prefetcher’s behavior. They achieve this by crafting inputs that the DMP erroneously recognizes as addresses, thus indirectly leaking encryption keys. This process is central to the newly identified GoFetch attack.


“Our key insight is that while the DMP only dereferences pointers, an attacker can craft program inputs so that when those inputs mix with cryptographic secrets, the resulting intermediate state can be engineered to look like a pointer if and only if the secret satisfies an attacker-chosen predicate,” the researchers explained.

Remarkably, GoFetch does not require root access to execute. It operates with standard user privileges on macOS systems.

The attack has proven effective against both conventional and quantum-resistant encryption methods, extracting keys within a timeframe that varies by cryptographic protocol.

Facing this threat, developers need to implement robust defenses that, while effective, could significantly slow down processor performance during cryptographic tasks.

One such mitigation tactic, ciphertext blinding, though potent, could require much more computational power, particularly affecting specific key exchanges.
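As an added illustration (not from the article or from the researchers' code), here is ciphertext blinding on textbook RSA with a constructed toy key. RSA is an assumption, since the article does not name the scheme being blinded. The private-key operation runs on a randomized value rather than the caller-chosen ciphertext, and the extra exponentiation and inversion are the added cost.

```python
import math
import secrets

# Constructed textbook-sized RSA key (illustration only, far too small for real use).
P, Q = 61, 53
N = P * Q
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def decrypt_plain(c: int) -> int:
    """Unblinded: the secret exponent is applied directly to the caller-supplied c."""
    return pow(c, D, N)


def blind(c: int):
    """Return (blinded ciphertext, r) for a fresh random r that is invertible mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (c * pow(r, E, N)) % N, r


def decrypt_blinded(c: int) -> int:
    """Decrypt c without ever running the private-key operation on c itself."""
    c_blind, r = blind(c)
    m_blind = pow(c_blind, D, N)           # equals (m * r) mod N
    return (m_blind * pow(r, -1, N)) % N   # strip the blinding factor


def blinded_inputs(c: int, runs: int) -> set:
    """Values the private-key operation actually sees across repeated calls on one c."""
    return {blind(c)[0] for _ in range(runs)}


if __name__ == "__main__":
    c = pow(65, E, N)  # constructed sample message 65
    print("plain:", decrypt_plain(c), "blinded:", decrypt_blinded(c))
    print("distinct private-key inputs over 200 runs:", len(blinded_inputs(c, 200)))
```

Because `r` is fresh on every call, a party who picks `c` no longer picks the value that gets mixed with the secret exponent.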

The GoFetch disclosure is part of a broader context of increasing digital threats, especially for crypto holders. Recent disclosures have pointed to significant security gaps in iOS and macOS, exploited for crypto scams.


Institutions like the National Institute of Standards and Technology and cybersecurity experts have highlighted the vulnerabilities in widely used apps and operating systems, advocating for heightened user caution and prompt system updates.
