The threat that cannot be eliminated: the crypt can be stolen from Mac users

The reason for the vulnerability is the prefetcher (trans.: "pre—selection") of chips that depends on data memory (data memory-dependent prefetcher, DMP). Its task is to predict the memory addresses of the data and load them in advance to minimize processor and memory delays.

Due to the fact that the problem lies in the microarchitecture of the M1, M2 and M3 chips from Apple, it is impossible to fix it directly with patches. It can only be eliminated by embedding security features in third-party encryption software. And this, in turn, can negatively affect productivity.

During operation, DMP unintentionally opens side channels, through which attackers can steal private keys or other secret user information.

It is precisely this behavior of the prefetcher that hackers use. To do this, they prepare the login data in advance, which the DMP mistakenly recognizes as addresses. This leads to an indirect leak of encryption keys.

At the same time, the vulnerability window opens at those moments when the user performs any cryptocurrency operation on his MacBook.

Leakage of private keys is one of the main problems of cryptosecurity. In the second half of 2023 alone, cryptocurrency projects lost $901 million due to this vulnerability.

Experts Boru Chen from the University of Illinois Urbana-Champaign and Ingchen Wang from the University of Texas at Austin commented on the situation:

"Our main idea is that although DMP only dereferences pointers, an attacker can compose the program's input data in such a way that when this data is mixed with cryptographic secrets, the resulting intermediate state can look like a pointer if and only if the secret satisfies the predicate chosen by the attacker."

Source: https://ru.beincrypto.com/macbook-uyazvimost-crypto/