Hackers have a new way to try to steal your cryptocurrencies, and if you're using an Apple device manufactured in the last half-decade, there's not much you can do to mitigate the attack.
Security researchers have discovered a vulnerability in Apple's latest computer chips — the M1, M2 and M3 series, which power all of its latest devices — that could allow hackers to steal encryption keys designed to protect data from disclosure. This includes keys to encrypted software wallets installed on vulnerable Apple devices.
A likely target for the malicious exploit would be “power users, like someone who has a cryptocurrency wallet with a lot of money,” Matthew Green, a crypto expert and professor of computer science at Johns Hopkins University, told author and journalist Kim Zetter. Although it is not a “practical” attack, it may target web browser encryption, which could affect browser-based applications such as MetaMask, iCloud backups, or email accounts.
The potential hack was called the “GoFetch exploit” in an eponymous report released by a team of scientists from the University of Illinois Urbana-Champaign (UIUC), the University of Texas, Austin, Georgia Tech, the University of California at Berkeley, the University of Washington, and Carnegie Mellon University. It works by accessing the computer's CPU cache through data memory-dependent prefetchers (DMPs) built into the chips.
“In a cache side-channel attack, the attacker infers the victim's software secret by observing the side effects of the victim's software secret-dependent access to the processor cache,” the researchers said, adding that the experiment was validated using the Apple M1's 4 Firestorm (performance) cores. “We assume that the attacker and victim do not share memory, but the attacker can monitor any fine-grained side channels available to him, for example, cache latency.”
Today's disclosure differs from the so-called “Augury” prefetching exploit announced in 2022, although it includes a similar mechanism.
The researchers said they informed Apple of their findings on December 5, 2023, and that more than 100 days had passed before the public release of the research paper and its accompanying website.
An Apple spokesperson told Decrypt in an email that the company is grateful for the collaborative efforts of the researchers and highlighted the significant impact of their work in advancing understanding of specific security threats.
The Apple spokesperson did not comment further, and pointed Decrypt to an Apple developer post detailing how to mitigate the attack. The recommended workaround may slow down application performance, because it means assuming “worst-case” processing speeds to avoid invoking the cache. Furthermore, changes must be made by macOS software creators, not users.
Zetter says that despite its publication, Apple's response has been inadequate.
“Apple added a fix for this issue in the M3 chipset released in 2016 [October],” Zetter tweeted, “but the developers were not told about the fix in [October] so they can enable it. Apple added instructions to its developer site on how to enable the fix just yesterday.”
For cryptocurrency users, this means it is up to wallet makers like MetaMask and Phantom to implement a patch to protect against the exploit. It is unclear whether either company has made these efforts, and representatives for MetaMask and Phantom did not immediately respond to Decrypt's request for comment.
Currently, if you have a cryptocurrency wallet installed on a vulnerable Apple device, all you can do to be safe is remove the wallet from the device. (If you're using an older Apple device with an Intel chip, for example, you're safe.)
Apple users have long considered themselves safe from malware attacks because of the way macOS and iOS devices are designed. However, in a separate report released in January, cybersecurity firm Kaspersky sounded the alarm about “extraordinary creativity” in creating malware targeting Intel and Apple Silicon devices.
Kaspersky said the Apple malware targeted Exodus wallet users, in an attempt to get them to download a fake, malicious version of the software.
Edited by Ryan Ozawa.