Researchers Demonstrate Browser-Based Attack Against Apple’s M1 Chip

A new browser-based side-channel attack has recently been demonstrated by a team of researchers, that works even if Javascript is blocked and affects hardware platforms including Intel Core, AMD Ryzen, Samsung Exynos, and even Apple’s M1 chips, The 8-Bit reports.

Researchers say this vulnerability may lead to “micro-architectural website fingerprinting attacks.” They also noted that Javascript has become a popular way of conducting side-channel attacks.

The attack allows hackers to determine the target’s web activity by leveraging features from the target’s packet sequence, while disregarding the application of most privacy-protecting technologies such as VPNs and proxies.

The new form of the attack demonstrated by researchers from universities in the United States, Australia, and Israel is effective as it only relies on CSS and HTML, making it the first side-channel attack that works on Apple’s M1 chips.

Empirically demonstrating this, we evaluate our attacks on AMD’s Ryzen, Samsung’s Exynos, and Apple’s M1 architectures. Ironically, we show that our attacks are sometimes more effective on these novel CPUs by Apple and Samsung compared to their well-explored Intel counterparts.

Meanwhile, Apple has said that the public disclosure of the team’s findings does not raise any concerns and that it has implemented necessary measures, including revoking certificates for the developer’s account from where the malware originated.