George Zhang pfp
George Zhang
@odysseustz
Since this is going viral, here is some important TLDR: 1. No it does not impact your secure enclave. Only cryptographic operations carried out in CPU are vulnerable. Which ones use secure enclave? anything that requires you to use TouchID, or take your fingerprint. https://t.co/yjQTogcIzk
1 reply
1 recast
3 reactions

George Zhang pfp
George Zhang
@odysseustz
2. The attackers still need to install a malicious software on your Macbook to monitor system level change like cache miss and hit from DMP mechanism. If they already have something like that in your Macbook, you are kinda fucked already...
1 reply
0 recast
2 reactions

George Zhang pfp
George Zhang
@odysseustz
3. It is not the type of "click one button and your key is mine" thing. The attacker needs like an hour in the case of least demanding key to constantly perform cryptographic operation to get the key out.
1 reply
0 recast
3 reactions

George Zhang pfp
George Zhang
@odysseustz
4. It is mostly targeting applications that are constantly taking input and performing cryptographic operations on top of them, so think of things like SSH, HTTPS, VPN... It has nothing to do with your wallet that takes explicit user permission confirmation to perform one operation once in a while...
0 reply
0 recast
2 reactions