Researchers have discovered a new flaw in Apple's M-series chipsets, including the M1, M2, and M3, allowing attackers to extract secret keys from Macs and iPads. in Note to day zerosecurity expert Robert Graham recommended investors move their cryptocurrencies to new wallets.
Explaining the failure in the simplest terms she could, journalist Kim Zetter explained that modern processors have a technology called… “prefetch” To speed up processing, including your activity patterns.
“Hey Prefetch It identifies data that you have previously accessed and places a pointer or address locator in the system cache to indicate where that data or function code is located in memory, so that the system can find and use it more quickly when needed.“Zeter commented.
“The problem is that the cache can 'leak' the information stored in it, allowing attackers to capture it in so-called side-channel attacks.”
The new discovery indicates that Apple's M series chips have a vulnerability in this function, allowing third parties to obtain encryption keys.
Experts recommend investors to transfer their cryptocurrencies
In a note to Zero Day, Robert Graham, CEO of security consulting firm Errata Security, recommended Apple users who have… “A lot of money in cryptocurrency wallets” They must move their funds to new wallets.
“There are people now planning to do this [ataque] They are working on it, I think.
However, given the sophistication of the attack, it is difficult to believe that hackers would target small investors. Regardless, it is always recommended to use hardware wallets, including other hardware brands.
On Reddit r/cryptocurrencies There are dozens of comments on this topic. Also citing the Zero Day article, the point highlighted by investors is that the attack can happen on the cloud servers you use Virtual machines for multiple different users.
“It is also theoretically possible for an attacker to do this by embedding malicious Javascript code into a website so that when a computer with an M-series chip visits it, the attacker's malicious code can perform the attack to get data from the cache.”“, wrote journalist Kim Zetter.
Already on the subreddit r/appleThe debate over vulnerability has been more heated. While many users were concerned about their data, raising various possibilities, one of them was uncomfortable with the situation.
“This thread is a dumping ground for misinformation,” one user commented. “I legitimately hate Reddit and don't know why I'm still using this site. Fake experts pretend to know something, while other people read it and assume it's true.”
Finally, the ultimate consequences of this failure in Apple's chips are still unknown. For more cautious people, like Robert Graham, the ideal solution is to transfer cryptocurrencies to another device.
Others treated the defect with disdain, noting that it was discovered in “laboratory conditions.”
The full study can be viewed on the website GoFetch.Fail.