苹果芯片被曝安全漏洞 钱包密钥存在泄露可能

币圈资讯 阅读:25 2024-04-22 03:42:23 评论:0
美化布局示例

欧易(OKX)最新版本

【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费!

APP下载   全球官网 大陆官网

币安(Binance)最新版本

币安交易所app【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费!

APP下载   官网地址

火币HTX最新版本

火币老牌交易所【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费!

APP下载   官网地址

作者:Felix;来源: PANews

3月21日,学术研究人员称在苹果M系列芯片中发现了一项新的安全漏洞。该漏洞允许攻击者在执行广泛使用的加密操作时从Mac电脑中提取密钥。漏洞无法通过直接修补芯片解决,只能依赖第三方加密软件,但此举或导致性能大幅下降。

经研究人员测验,该漏洞对多种加密实现构成威胁。目前已从OpenSSL Diffie-Hellman、Go RSA以及CRYSTALS Kyber和Dilithium中提取了密钥。

攻击者可以窃取密钥

漏洞源于数据内存依赖预取器(Data Memory-Dependent Prefetcher,简称为DMP),DMP能够预测将要访问的内存地址以提高处理器效率。

然而,DMP有时会错误地将密钥等敏感数据内容与内存地址指针混淆,攻击者可以通过操纵加密算法中的中间数据,使其在特定输入下看起来像是地址,从而利用DMP的这一特性来间接泄露密钥信息。这种攻击不是立即破解加密密钥。然而,攻击可以重复进行,直到密钥暴露。

研究人员声称,这种攻击既可以攻击经典的加密算法,也可以攻击最新的量子强化算法。

至于其有效性,研究人员的测试应用程序能够在不到一个小时的时间内提取2048位的RSA密钥,而提取2048位的Diffie-Hellman密钥只需两个多小时。除去离线处理时间,获取Dilithium-2密钥需要十个小时。

苹果芯片自身难以修补

这次攻击的主要问题是,因属于其苹果Silicon芯片的核心部分,自身无法修补,只能依赖第三方加密软件增加防御措施。

问题是,任何缓解措施都将增加执行操作所需的工作负载,进而影响性能,特别是对于M1和M2系列芯片来说,这种性能下降可能更为明显。

苹果拒绝就此事发表评论。研究人员声称,他们在公开发布报告之前向苹果公司进行了负责任的披露,于2023年12月5日通知了该公司。

用户和软件开发人员可能需要密切关注 macOS 和其他操作系统中与此漏洞相关的未来Apple更新和缓解措施。

芯片漏洞屡屡被曝

值得一提的是,此前一些研究人员在2022年就指出苹果芯片的DMP存在一个名为“Augury ”的漏洞。当时,所谓的Augury漏洞并未被认为会构成重大威胁”。

此外,麻省理工学院的研究人员在2022年发现了一个名为“PACMAN”的无法修复的漏洞,该漏洞利用指针身份验证过程创建了旁路攻击。

芯片漏洞对设备生产商来说可能是一个大问题,特别是不得不对操作系统和软件进行更改。

2018年,Meltdown和Spectre芯片被发现漏洞,影响了所有Mac和iOS设备,以及自1997年以来生产的几乎所有X86设备。这些安全漏洞依赖于“推测性执行”,即芯片可以通过同时处理多条指令,甚至无序处理来提高速度。


Author's source: academic researchers said that a new security vulnerability was discovered in Apple's series of chips. This vulnerability allows attackers to extract keys from computers when performing widely used encryption operations. The vulnerability cannot be solved by directly patching the chips, but it can only rely on third-party encryption software, but this may lead to a significant decline in performance. Researchers have tested that this vulnerability poses a threat to various encryption implementations. At present, the key has been extracted from and. Attackers can steal keys. The vulnerability stems from data memory dependence. Prefetcher can predict the memory address to be accessed for short, so as to improve the efficiency of the processor. However, sometimes sensitive data such as keys are mistakenly confused with memory address pointers. Attackers can indirectly disclose key information by manipulating the intermediate data in the encryption algorithm to make it look like an address under a specific input. This attack does not immediately crack the encryption key, but the attack can be repeated until the key is exposed. Researchers claim that this attack can be attacked. The classical encryption algorithm can also attack the latest quantum enhancement algorithm. As for its effectiveness, the researcher's test application can extract the bit key in less than an hour, while it takes more than two hours to extract the bit key, and it takes ten hours to obtain the key except the offline processing time. The main problem of this attack is that the apple chip itself is difficult to repair because it belongs to the core part of its apple chip, and it can only rely on third-party encryption software to increase defense measures. All the solutions will increase the workload required to perform the operation, which will affect the performance, especially for the series of chips. This decline in performance may be more obvious. Apple refused to comment on this matter. Researchers claimed that they made responsible disclosure to Apple before publicly releasing the report, and informed the company's users and software developers on May that they may need to pay close attention to future updates and mitigation measures related to this vulnerability in other operating systems. Chip vulnerabilities have been repeatedly exposed. It is mentioned that some researchers pointed out that there was a vulnerability named Apple chip in 2008. At that time, the so-called vulnerability was not considered to pose a major threat. In addition, researchers at the Massachusetts Institute of Technology discovered an irreparable vulnerability named in 2008, which used the pointer authentication process to create a bypass attack chip vulnerability, which may be a big problem for equipment manufacturers, especially when the operating system and software had to be changed. There are security vulnerabilities in devices and almost all devices produced since 2000, which depend on speculative execution, that is, the chip can improve the speed by processing multiple instructions at the same time or even out of order. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台

文字格式和图片示例

注册有任何问题请添加 微信:MVIP619 拉你进入群

弹窗与图片大小一致 文章转载注明 网址:https://netpsp.com/?id=55790

美化布局示例

欧易(OKX)最新版本

【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费!

APP下载   全球官网 大陆官网

币安(Binance)最新版本

币安交易所app【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费!

APP下载   官网地址

火币HTX最新版本

火币老牌交易所【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费!

APP下载   官网地址
可以去百度分享获取分享代码输入这里。
声明

1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。

发表评论
平台列表
美化布局示例

欧易(OKX)

  全球官网 大陆官网

币安(Binance)

  官网

火币(HTX)

  官网

Gate.io

  官网

Bitget

  官网

deepcoin

  官网
关注我们

若遇到问题,加微信客服---清歌

搜索
排行榜
扫一扫,加我为微信好友加我为微信好友