Research has found that vulnerabilities in Apple's M-series chips are "unpatchable."

Academic researchers have discovered a critical vulnerability in Apple's M-series computing chips that could compromise the security of private encryption keys.

On the same day, the U.S. Department of Justice (DOJ) filed an antitrust lawsuit against the iPhone maker, accusing its monopolistic behavior of being harmful to consumers, developers and competitors.

loopholes

The research team discovered a vulnerability in the chip's data memory-dependent prefetcher (DMP).

Crypto analyst George explained that DMP is a hardware optimization that predicts data in advance and preloads it into the CPU cache. However, it faces a problem of occasionally mistaking sensitive data, such as encryption keys, for memory addresses.

This phenomenon, known as "dereferencing a pointer," creates a vulnerability known as a "side-channel attack."

Researchers demonstrated the ability to use a GoFetch attack to extract various encryption keys, including RSA, Diffie-Hellman, Kyber, and Dilithium, within one to 10 hours. However, this exploit requires the malicious and targeted cryptographic applications to be running on the same CPU cluster.

For an attack to be successful, the malicious application must provide input to the cryptographic application and cause it to perform actions that gradually reveal the key. This exploit is interactive rather than passive, and must bypass macOS's security measures to execute on the system.

Unfortunately, correcting this flaw is not simple, as it stems from the chip's microarchitectural design, making it impossible to patch. However, implementing defenses in third-party encryption software can reduce the risk.

legal trouble

U.S. authorities, backed by attorneys general from 16 U.S. states, have launched legal proceedings against Apple over its "closed garden" business model, which allegedly helped create an illegal monopoly in the smartphone market.

The lawsuit accuses Apple of implementing "changing rules and restrictions" in its App Store Guidelines and Developer Agreement that would allow Apple to charge higher fees, hinder innovation, provide a less secure or degraded user experience, and limit competition. alternatives.

They added that the repressive rules were implemented across a variety of products, including text messages, smartwatches and digital wallets.

Members of the crypto community emphasized the importance of this lawsuit to the industry, with Tribe Protocol founder Hish Bouabdallah saying:

"If Apple loses this battle, it could pave the way for crypto payments in the United States, enabling users to use services like Coinbase Wallet to make seamless transactions with just a double tap and FaceID." #加密货币安全 #苹果漏洞