Home Technology MIT Experts: Apple M1 Chips Possess ‘Unpatchable’ Issue

MIT Experts: Apple M1 Chips Possess ‘Unpatchable’ Issue

Ads

According to MIT researchers, Apple’s M1 chips contain a “unpatchable” hardware vulnerability that might allow attackers to bypass the company’s last line of defense.

A hardware-level security method used in Apple M1 processors called pointer authentication codes, or PAC, is the source of the problem. This feature makes it far more difficult for an attacker to introduce malicious code into a device’s memory, and it also protects against buffer overflow vulnerabilities, which cause memory to spill out to other parts of the chip.

However, researchers at MIT’s Computer Science and Artificial Intelligence Laboratory have devised a new hardware attack that combines memory corruption and speculative execution assaults to circumvent the security mechanism. The attack demonstrates how pointer authentication may be beaten without leaving a trace, and because it relies on a hardware mechanism, there is no software patch available to correct it.

Pointer Authentication Code

The “Pacman” attack works by guessing a pointer authentication code (PAC), a cryptographic signature that verifies that an app hasn’t been maliciously updated. This is accomplished by leaking PAC verification findings via speculative execution — a method utilised by modern computer processors to improve efficiency by speculatively guessing certain lines of computation — while a hardware side-channel indicates whether or not the guess was right.

Ads

What The Experts Says?

Furthermore, because the PAC has only a limited number of possible values, the researchers discovered that it is possible to try all of them to identify the best one.

The researchers demonstrated that the attack works against the kernel, which has “huge ramifications for future security work on all ARM systems with pointer authentication enabled,” according to Joseph Ravichandran, a PhD student at MIT CSAIL and co-lead author of the research paper.

Source

Ads
Previous articleResearchers Discover A ‘Dark Free-floating Black Hole’
Next articleJennifer Lopez On Sharing Stage With Shakira, ‘The Dumbest Idea In The World ‘
Having worked in Entertainment, Technology, and Business for four years, Subhashree finds solace in technology, and more so in covering it.