A recent discovery of a critical flaw in Apple’s M-series processors has raised red flags among cryptocurrency users. The vulnerability, found deep in the chips’ microarchitecture, presents a significant risk to the security of private keys, essential for protecting digital assets. This problem was brought to light by a group of renowned researchers from several universities in the United States, revealing how this loophole can be exploited to compromise digital security.
The central issue lies in the processors’ data memory-dependent prefetcher side channel, a mechanism created to optimize computing efficiency. This feature, however, can allow unwanted extraction of secret keys during cryptographic operations, a crucial component for the security of cryptocurrencies and digital transactions. The way data is processed and cached can inadvertently reveal sensitive information through leaks.
The discoverers of this flaw, who dubbed the attack method “GoFetch”, warn that the exploitation of this vulnerability does not require administrative privileges, which highlights the severity and ease with which attackers can take advantage of the situation. They detail that the problem is not in the value of the pre-fetched data, but in the visibility of intermediate data that resembles an address, which can, over time, expose the secret key.
GoFetch’s impact is broad, threatening not only conventional encryption protocols but also those designed to resist quantum computing attacks. This puts a variety of cryptographic keys at risk, from RSA and Diffie-Hellman to post-quantum algorithms like Kyber-512 and Dilithium-2. The research team demonstrated how quickly a 2048-bit RSA key can be compromised, highlighting the effectiveness of this attack vector.
Mitigating this vulnerability is a considerable challenge, given its intrinsic nature to hardware. Although software-based solutions can be developed, these tend to lead to a decrease in performance, especially in devices using older versions of the M-series chips.
Developers of crypto solutions operating on M1 and M2 processors are urged to implement alternative defenses, albeit with notable performance penalties. The tech community and cryptocurrency users await an official response from Apple on GoFetch’s findings, while researchers recommend looking for software updates that specifically address this issue.
Disclaimer:
The views and opinions expressed by the author, or anyone mentioned in this article, are for informational purposes only and do not constitute financial, investment or other advice. Investing or trading cryptocurrencies carries a risk of financial loss.
Source: https://portalcripto.com.br/vulnerabilidade-em-chips-apple-m-coloca-em-risco-seguranca-de-criptomoedas/
