GoFetch vulnerability

[thilonel]

Hello,

I have just heard about this https://gofetch.fail/ vulnerability on Apple M chips which could pose serious secruity issues for bitcoin wallets. Can you please tell us what should we do?

[molnard]

Thank you for your report. I am not an expert in this but tried to look around for an answer.

From the site https://gofetch.fail/

For users, we recommend using the latest versions of software, as well as performing updates regularly.

👍

Developers of cryptographic libraries can either set the DOIT bit and DIT bit bits, which disable the DMP on some CPUs. Additionally, input blinding can help some cryptographic schemes avoid having attacker-controlled intermediate values, avoiding key-dependent DMP activation.

Unfortunately, I am not aware of any possibility we can set this bit. Wasabi is using .NET which is developed by Microsoft. The control of that is in their hands. Wasabi immediately upgrades to the new .NET when it is released. Usually in every November.

Finally, preventing attackers from measuring DMP activation in the first place, for example by avoiding hardware sharing, can further enhance the security of cryptographic protocols.

I think this is the most important point. Do not share your hardware and make sure nobody can access it remotely either.

[thilonel]

Köszönöm a gyors választ Dávid! :)

I have also read these recommendations, but it's not reassuring.

To my understanding, any other application running on your Mac can try to fish in the memory and get unencrypted data. Wasabi (and other apps) can flip this bit when encryption/decryption is running to prevent other apps from accessing what's happening at that time. I understand .NET is not exposing this functionality at the moment, so Wasabi can't do anything.

At this point, to be bulletproof, I'd actually recommend people to not use it on Macs with M chips and if they have, move their stash to a new wallet.

To mitigate risk and keep using it on Macs, one could just say "only install software from trusted parties" but that's the default, so it's not really making any difference.

This decision is a matter of your threat model, the least we could do for the users is to warn them appropriately.

[molnard]

We are considering creating a blog post on the topic of 'Best Practices for Using Wasabi on a Daily Basis'. We will check with our team to see if they are interested in pursuing this idea. If they do, would you be interested in contributing your own best practices to the post or reviewing it?

[thilonel]

Sure I could help, however I think there should be a warning near the silicon mac download button as well.

[csiki2]

Hi,

If you check https://bitcoin.org/en/choose-your-wallet?step=5&platform=linux (you can choose any OS under the desktop category), you will see that most of the wallets has the "vulnerable" category already:

"This wallet can be loaded on computers which are vulnerable to malware. Securing your computer, using a strong passphrase, moving most of your funds to cold storage, or enabling two-factor authentication can make it harder to steal your bitcoins."

This is due to the fact that any software can run on the same computer. (honestly the "acceptable" mark for the two-factor authentication is a bit misleading as probably doesn't help too much on the malicious software case).

Note that Wasabi supports multiple hardware wallets and thus the memory won't contain the wallet's private key.

[molnard]

should be a warning near the silicon mac download button as well

The thread model is the same as before - having an extra warning seems unjustified. On the other hand, it can cause FUD.