Apple’s legal woes mount as vulnerability threatening crypto security comes to light


2024-3-24 22:41

Academic researchers have unearthed a significant vulnerability within Apple’s M-series computing chips, potentially jeopardizing the security of private crypto keys.

On the same day, the US Department of Justice (DOJ) filed an antitrust case against the iPhone maker, alleging monopoly practices detrimental to consumers, developers, and competitors.

The vulnerability

The research team identified the vulnerability in the chips’ data memory-dependent prefetcher (DMP).

Crypto analyst George explained that DMP is a hardware optimization that anticipates and preloads data into the CPU cache ahead of demand. However, it faces an issue where it occasionally confuses sensitive data, such as encryption keys, for memory addresses.

The prefetcher then dereferences that data as if it were a pointer, and this behavior exposes the chips to so-called “side-channel attacks.”

The researchers demonstrated the capability to extract various encryption keys, including RSA, Diffie-Hellman, Kyber, and Dilithium, within 1 to 10 hours using a GoFetch attack. However, the exploit requires the malicious app and the targeted crypto app to run on the same CPU cluster.

For the attack to succeed, the malicious app must provide inputs to the crypto app and prompt it to execute operations, thereby gradually leaking the key. This exploit is interactive rather than passive, and the malicious app must bypass macOS security measures to run on the system.

Unfortunately, rectifying this flaw is not straightforward as it originates from the microarchitectural design of the chips, rendering it unpatchable. However, implementing defensive measures within third-party encryption software can mitigate the risk.
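
As an added illustration (not from the original article or the researchers): because the attack described above depends on the malicious app choosing the inputs the crypto app processes, one standard software defense against chosen-input side channels is blinding, shown here for RSA decryption. The article does not name a specific mitigation; the toy key and all function names below are constructed for this example.

```python
import secrets
from math import gcd
from typing import Optional, Tuple

# Constructed toy RSA key (tiny primes for readability; real keys are 2048+ bits).
P, Q = 61, 53
N = P * Q
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def private_op(value: int) -> int:
    """Secret-key exponentiation: the step whose operands a side channel targets."""
    return pow(value, D, N)


def decrypt_unblinded(ciphertext: int) -> Tuple[int, int]:
    """Return (plaintext, operand). The operand is exactly what the caller supplied,
    so whoever submits ciphertexts controls the data the private operation handles."""
    return private_op(ciphertext), ciphertext


def decrypt_blinded(ciphertext: int, r: Optional[int] = None) -> Tuple[int, int]:
    """Return (plaintext, operand). The operand is masked with a fresh random r,
    so the submitter no longer controls what the private operation handles."""
    # r must be invertible mod N; draw from 2..N-1 until it is.
    while r is None or gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    masked = (ciphertext * pow(r, E, N)) % N      # c' = c * r^e mod N
    blinded_plain = private_op(masked)            # (c')^d = m * r mod N
    plaintext = (blinded_plain * pow(r, -1, N)) % N  # strip the mask
    return plaintext, masked


if __name__ == "__main__":
    message = 65                       # constructed sample plaintext
    c = pow(message, E, N)
    print("unblinded:", decrypt_unblinded(c))
    print("blinded:  ", decrypt_blinded(c))
    print("blinded:  ", decrypt_blinded(c))  # same plaintext, different operand
```

The plaintext is identical in both paths; only the value fed to the private-key operation changes, and it changes on every call.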

Legal trouble

US authorities, supported by 16 state attorneys general, filed legal actions against Apple for its “walled garden” business model, which helped establish an allegedly illegal monopoly in the smartphone market.

The lawsuit alleged that Apple implemented “shapeshifting rules and restrictions in its App Store guidelines and developer agreements that would allow Apple to extract higher fees, thwart innovation, offer a less secure or degraded user experience, and throttle competitive alternatives.”

They added that these suppressive rules were implemented across varying products, including text messaging, smartwatches, and digital wallets, among many others.

Crypto community members have highlighted the importance of this lawsuit to the industry, with Hish Bouabdallah, the founder of Tribes Protocol, saying:

“If Apple loses this battle, it could pave the way for crypto payments in the U.S., enabling seamless transactions using services like Coinbase Wallet with just a double tap and FaceID.”

The post Apple’s legal woes mount as vulnerability threatening crypto security comes to light appeared first on CryptoSlate.
