Hackers have a new way to steal your crypto — and if you're using an Apple device made in the last half-decade, there's not much you can do to counter the attack.
Security researchers have found that Apple's latest computer chips — the M1, M2 and M3 series, which power all of its latest devices — allow hackers to steal encryption keys designed to protect data from disclosure. This includes keys to software crypto wallets installed on vulnerable Apple devices.
Matthew Green, a cryptographer and professor of computer science at Johns Hopkins University, told author and journalist Kim Zetter that the target for the exploit is “high-end users, someone with a large cryptocurrency wallet.” While not a “functional” attack, it could target web browser encryption—which would affect browser-based applications like MetaMask, iCloud backups, or email accounts.
The attack was identified by a team of scientists from the University of Illinois Urbana-Champaign (UIUC), the University of Texas at Austin, Georgia Tech, UC Berkeley, the University of Washington and Carnegie Mellon University. It works by accessing the computer's CPU cache through data memory-dependent prefetchers (DMPs) built into the chip.
“In a cache side-channel attack, an attacker reveals the victim program's secret by observing the side effect of entering the victim program's secret dependency into the processor's cache,” the researchers said, adding that the experiment was verified using the Apple M1's 4 Firestorm (performance) cores. “We assume that the attacker and the victim do not share memory, but the attacker can monitor any microarchitectural side channels, such as cache latency.”
Today's disclosure involves a similar technique but is different from the “Augury” prefetcher exploit announced in 2022.
The researchers reported their findings to Apple on December 5, 2023, and more than 100 days passed before the research paper and accompanying website were made public.
In an email, an Apple spokesperson told Decrypt that the company is grateful for the researchers' collaborative efforts and highlighted the significant impact of their work in raising awareness of specific security threats.
While not commenting further, the Apple spokesperson pointed Decrypt to an Apple developer post that shows how to mitigate the attack. The recommended solution may slow down the application's performance, because it means assuming “worst-case” processing speeds to avoid invoking the cache. Additionally, the changes must be made by macOS software developers, not users.
Although a mitigation has been published, Apple's response fell short, Zetter says.
“Apple added a fix for this in the released M3 chips [October],” Zetter tweeted. “But developers weren't told about the fix [October] so they could activate it. Apple added instructions to its developer site on how to enable the fix just yesterday.”
For crypto users, that means wallet makers like MetaMask and Phantom need to apply patches to protect against exploits. It's unclear whether either company has made the effort yet, and representatives for MetaMask and Phantom did not immediately respond to Decrypt's request for comment.
For now, if you have a crypto wallet installed on a vulnerable Apple device, all you can do is remove the wallet from the device to play it safe. (If you're on an older Apple device, say, one with an Intel chip, you're in the clear.)
Because of the way macOS and iOS devices are designed, Apple users have been protected from malware attacks. However, in a separate report in January, cybersecurity firm Kaspersky sounded the alarm over “extraordinary innovation” in building malware that targets both Intel and Apple silicon devices.
According to Kaspersky, the Apple malware targets the Exodus wallet, trying to trick users into downloading fake, malicious versions of the software.
Edited by Ryan Ozawa.