Apple Mac computers and iPad tablets are potentially susceptible to a serious vulnerability that could expose cryptographic keys and passwords on certain devices.
A flaw in Apple’s M-series chips can be used by hackers via a malware attack to steal cryptographic keys, including those that secure cryptocurrency wallets, according to researchers from various universities.
And while the real-world risks of the exploit might be low, it’s not something you’ll want to ignore if you hold a large amount of crypto in a software wallet on a potentially vulnerable Mac. Here’s a quick primer on the situation, based on what’s been reported and disclosed to date.
What’s the issue?
Researchers announced last week that they discovered a critical vulnerability within Apple’s M-series chips used in Macs and iPads that can potentially allow an attacker to gain access to cryptographically secure keys and codes.
The issue boils down to a technique called “prefetching,” which Apple’s own M-series chips enable to speed up your interactions with your device. With prefetching, the device aims to speed up interactions by keeping tabs on your most common activities and keeping data close at hand. But that technique can apparently now be exploited.
Researchers say they were able to create an app that successfully “tricked” the processor into putting some of that prefetched data into the cache, which the app could then access and use to reconstruct a cryptographic key. That’s a potentially huge problem.
Who’s at risk?
If your Mac or iPad has an Apple M-series processor—M1, M2, or M3—then your device is potentially susceptible to this vulnerability. The M1 processor rolled out in late 2020 with the MacBook Air, MacBook Pro, and Mac Mini, and later was expanded to Mac desktops and even iPad tablets.
The M2 processor and current M3 processor are also susceptible across computers and tablets, and the M2 chip is even used in the Apple Vision Pro headset. But with the M3 chip, the data memory-dependent prefetcher that’s impacted by the vulnerability “has a special bit that developers can invoke to disable the feature,” Ars Technica reports, albeit with some level of performance hit as a result.
What if I have an older Mac or iPad?
If you have an older Mac with an Intel processor, which Apple used for years and years before developing its own silicon, then you’re fine. Intel chips aren’t impacted.
Similarly, if you have an iPad (old or new) that uses one of Apple’s A-series chips, which also feature in the company’s iPhones, then there doesn’t appear to be a risk. Only the M1, M2, and M3 chips are vulnerable due to how they were designed. Apple’s A14, A15, and A16 chips from recent iPhones and iPads are indeed variants of the M-series chips, but the research report and media reports do not cite them as being vulnerable as of this writing.
What can I do about it?
What can you do to fix the issue? Nothing, unfortunately. This is a chip-level vulnerability that has to do with the unique architecture of Apple’s chips. That means it’s not something Apple can fix with a patch. What app developers can do is implement fixes to avoid the vulnerability, but there’s apparently a performance trade-off as a result, so such apps could feel much more sluggish once updated.
What you can do to remove your risk, of course, is to get any crypto wallets you have off of your vulnerable Apple devices. Migrate them to another device, whether it’s a Windows PC, an iPhone, an Android phone, etc. Don’t wait for catastrophe to strike.
That’s exactly what Errata Security CEO Robert Graham told Zero Day writer Kim Zetter to share with readers: Get your crypto wallets off your devices, at least for now. “There are people right now hoping to do this [attack] and are working on it, I would assume,” he told the blog.
Can my crypto just be taken?
While devices with the M1-M3 chips are indeed vulnerable, it’s not like hackers can just flip a switch and take your funds at any moment. You’d typically need to install malware on your device, and then the attackers would need to use the exploited software to pull the private keys and access the associated wallet.
Apple’s macOS is also fairly resilient to malware, since you’d have to manually allow for such an app to be installed on your device. Macs block unsigned, third-party software by default. Still, if you’re the adventurous type and have installed apps from “unidentified” developers, you’ll want to play it safe if you’re using a potentially vulnerable M-chip device.
This kind of attack can also be performed on a shared cloud server that holds your keys, so that’s another potential attack vector, according to Zero Day. It also might be possible to pull off this kind of attack on a website via Javascript code, which would be far more effective at impacting the average user—they wouldn’t have to install anything. But that’s theoretical for now.
The vulnerability could also potentially be used to decrypt the contents of a web browser cookie, according to Zero Day, possibly letting attackers gain access to something like an email account—which could let users log into sensitive accounts.
What about hardware wallets?
Hardware wallets from the likes of Ledger and Trezor are apparently not at risk, based on current reporting around the vulnerability, since the private keys need to be on your Apple device with an M1-M3 chip to be impacted. That said, it’s probably not a bad idea to avoid connecting hardware wallets to vulnerable devices, just in case.
What about centralized exchanges?
Centralized exchanges like Coinbase hold onto your funds in custodial wallets, and since you don’t have the private keys on your device, they’re not directly at risk. However, if you keep your password to your Coinbase account in a cryptographically secure password manager on your vulnerable Apple device, then you may want to change your password and not update it within the manager. Better safe than sorry.
And as mentioned, it’s theoretically possible for an attacker to decrypt account passwords from browser cookies using this vulnerability.
How serious is this really?
It’s a serious vulnerability, no doubt—but the likelihood of it impacting the average crypto user appears to be pretty low. Depending on the type of encryption being cracked through this vulnerability, it could take as little as about an hour to gradually pull enough data from the cache to reconstruct a key… or as long as 10 hours.
That doesn’t mean it’s impossible or that it can’t happen to you, but this isn’t a quick-hit, drive-by kind of attack. You should still take precautions to ensure that you’re not at risk, but if the report is accurate, then it doesn’t sound like this will be a widespread threat to the average user.
Edited by Guillermo Jimenez