Apple’s M-Series Chips Expose Mac Users’ Crypto Private Keys to Security Vulnerability
Researchers have discovered a significant security flaw in Apple’s M-series chips, raising concerns about the safety of crypto private keys stored on Mac computers.
According to a recent report, the vulnerability, known as a side-channel exploit, allows malicious actors to extract encryption keys while the Apple chips are running commonly used cryptographic protocols.
Unlike typical vulnerabilities that can be fixed with software patches, this flaw is inherent in the microarchitecture design of the chips themselves, making it impossible to patch.
To mitigate the issue, third-party cryptographic software could be used, but this would significantly impact the performance of earlier M-series chips like the M1 and M2.
Fundamental Weakness in Apple’s M-Series Chips Threatens Crypto Holders’ Security
This discovery highlights a fundamental weakness in Apple’s hardware security infrastructure.
Hackers can intercept and exploit memory access patterns to gain unauthorized access to sensitive information, including encryption keys used by cryptographic applications.
The researchers have named this type of attack the “GoFetch” exploit, which operates seamlessly within the user environment and requires standard user privileges like regular applications.
Following the disclosure of this research, Mac users in online forums have expressed concerns and raised questions about the potential impact on password keychains.
Some users believe that Apple will address the issue directly in its operating system, while others are more worried if the company fails to do so.
One user speculated that Apple might already be aware of this flaw and suggested that the upcoming M3 chip could include an additional instruction to disable the vulnerable feature, referring to previous research on the topic called “augury” from 2022.
Apple Faces Lawsuit from DOJ
This discovery adds to the challenges Apple is currently facing, including an ongoing antitrust lawsuit filed by the US Department of Justice (DOJ).
The lawsuit alleges that Apple’s App Store rules and alleged monopoly have hindered competition and innovation.
The DOJ also claims that Apple has restricted access to competing digital wallets with enhanced features while preventing developers from offering their own payment services to users.
Last year, a class-action lawsuit was filed against Apple, accusing the tech giant of conspiring to limit peer-to-peer payment options on its devices and block the integration of crypto technology in iOS payment apps.
The complaint alleges that Apple entered into anti-competitive agreements with popular payment platforms like PayPal’s Venmo and Block’s Cash App.
These agreements supposedly limit the use of decentralized cryptocurrency technology in payment apps, resulting in inflated prices for users.
Additionally, Apple’s guidelines require app developers to share 30% of transaction revenues, which has been a barrier for crypto firms, including those facilitating the purchase of non-fungible tokens (NFTs), as they try to provide services to iOS users.
As reported, Apple recently removed the Bitcoin-friendly social media app Damus from the App Store for violating its terms of service.
The app had a tipping feature that allowed content creators to receive tips in the form of Bitcoin through the Lightning Network.
Apple deemed this feature a violation of its guidelines as it prohibits developers from selling additional in-app content unless the transactions go through Apple, which takes a 30% cut.
Follow Us on Google News