Apple’s M-Series Chips Expose Mac Users’ Crypto Private Keys to Security Vulnerability
A recent report has revealed a significant security vulnerability in Apple’s M-series chips, raising concerns about the safety of crypto private keys stored on Mac computers. The vulnerability is exploited through a side channel, which allows malicious actors to extract encryption keys while the Apple chips are executing commonly used cryptographic protocols. Unlike typical vulnerabilities that can be fixed with software patches, this flaw is inherent in the microarchitectural design of the chips themselves, making it impossible to patch.
To address this issue, third-party cryptographic software would need to be used. However, this could negatively impact the performance of earlier M-series chips, such as the M1 and M2. This discovery highlights a fundamental weakness in Apple’s hardware security infrastructure. Hackers can intercept and exploit memory access patterns to gain unauthorized access to sensitive information, including encryption keys used by cryptographic applications.
The researchers have named this type of attack the “GoFetch” exploit, which operates seamlessly within the user environment and only requires standard user privileges. Mac users in online forums have expressed concerns about the potential impact on password keychains. Some believe that Apple will directly address the problem within its operating system, while others are worried about the consequences if the company fails to do so.
One user speculated that Apple may already be aware of this flaw and suggested that the upcoming M3 chip could include an additional instruction to disable the vulnerable feature. They referenced previous research on the topic, known as “Augury,” from 2022.
This security vulnerability adds to the challenges Apple is currently facing, including an ongoing antitrust lawsuit filed by the US Department of Justice (DOJ). The lawsuit alleges that Apple’s rules for the App Store and its alleged monopoly have stifled competition and innovation. The DOJ also claims that Apple has limited access to competing digital wallets and prevented developers from offering their own payment services to users.
In addition, Apple is facing a class-action lawsuit that accuses the company of conspiring to limit peer-to-peer payment options on its devices and block the integration of crypto technology in iOS payment apps. The complaint argues that Apple has entered into anti-competitive agreements with popular payment platforms, resulting in inflated prices for users. Apple’s guidelines also require app developers to share 30% of transaction revenues, which has been a barrier for crypto firms trying to provide services to iOS users.
As a result, Apple has removed the Bitcoin-friendly social media app Damus from the App Store for violating its terms of service. The app included a tipping feature that allowed content creators to receive Bitcoin tips through the Lightning Network. However, Apple deemed this feature a violation of its guidelines, which prohibit developers from selling additional in-app content unless the transactions go through Apple, which takes a 30% cut.