Academic researchers have discovered a significant vulnerability within Apple’s M-series computing chips, raising concerns about the security of private crypto keys. This discovery comes on the same day that the US Department of Justice (DOJ) filed an antitrust case against Apple, accusing the tech giant of engaging in monopolistic practices that harm consumers, developers, and competitors.
The vulnerability identified by the research team lies in the chips’ data memory-dependent prefetcher (DMP). Crypto analyst George explained that the DMP is a hardware optimization that preloads data into the CPU cache before it is demanded. However, the DMP occasionally mistakes sensitive data, like encryption keys, for memory addresses, which exposes the chips to what are known as “side-channel attacks.”
Researchers demonstrated the ability to extract various encryption keys, including RSA, Diffie-Hellman, Kyber, and Dilithium, within hours using a GoFetch attack. The exploit requires a malicious crypto app to run on the same CPU cluster as its target and to interact with it repeatedly, leaking the key gradually. Fixing the flaw is challenging because it originates in the chip’s microarchitectural design, but implementing defensive measures in third-party encryption software can help mitigate the risk.
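As an added illustration (not code from the researchers or from any library named in the article), the sketch below shows one software-level defence of the kind mentioned above, applied to RSA: input blinding, a mitigation this example assumes and the article itself does not name. The toy key, the message and the function names are constructed for the example; the point is that the private-key operation no longer works on a value the caller chose, so the data a prefetcher could misread as an address is randomized on every call.

```python
import math
import secrets

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent

def decrypt_unblinded(c):
    """Private-key operation applied directly to caller-supplied input.
    Returns (plaintext, value the secret-dependent code operated on)."""
    return pow(c, D, N), c

def decrypt_blinded(c):
    """Same plaintext, but the private-key operation only sees c * r^E mod N
    for a fresh random r, a value the caller can neither choose nor predict."""
    while True:
        r = secrets.randbelow(N - 2) + 2  # r in [2, N-1]
        if math.gcd(r, N) == 1:           # r must be invertible mod N
            break
    blinded = (c * pow(r, E, N)) % N
    m_times_r = pow(blinded, D, N)        # (c * r^E)^D = m * r mod N
    m = (m_times_r * pow(r, -1, N)) % N   # strip the blinding factor
    return m, blinded

def demo():
    """Decrypt one constructed ciphertext without and with blinding."""
    m = int.from_bytes(b"constructed msg", "big")
    c = pow(m, E, N)
    plain, seen_plain = decrypt_unblinded(c)
    blind1, seen1 = decrypt_blinded(c)
    blind2, seen2 = decrypt_blinded(c)
    return m, c, plain, seen_plain, blind1, seen1, blind2, seen2

if __name__ == "__main__":
    m, c, plain, seen_plain, blind1, seen1, blind2, seen2 = demo()
    print("plaintexts agree:       ", plain == blind1 == blind2 == m)
    print("unblinded op saw input: ", seen_plain == c)
    print("blinded op saw input:   ", seen1 == c or seen2 == c)
    print("blinded values repeat:  ", seen1 == seen2)
```

Python's built-in `pow` is not constant-time, so this shows the arithmetic of blinding only; a production library would combine it with constant-time big-number code.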
In addition to this security issue, Apple is facing legal trouble as the US authorities, along with 16 state attorneys general, have taken legal action against the company for its alleged “walled garden” business model. The lawsuit claims that Apple has created an illegal monopoly in the smartphone market by implementing rules and restrictions in its App Store guidelines that stifle innovation and competition.
Members of the crypto community see the outcome of this lawsuit as significant for the industry. Hish Bouabdallah, the founder of Tribes Protocol, believes that if Apple loses the case, it could open the doors for crypto payments in the US, enabling seamless transactions using services like Coinbase Wallet with just a double tap and FaceID.
This development has implications for both the technology sector and regulatory landscape in the US.