
MIT research discovers flaw in Apple M1 chips that can’t be patched


areyentiraidhi


2 DAYS AGO 

Apple logo next to M1, which is a type of processor chip, on a black square in a dark background. The square has a multi-coloured outline, with blue on the right and red on the left.

Image: © PixieMe/Stock.adobe.com

Researchers said their Pacman hardware attack could be used to affect ‘the majority’ of mobile and desktop devices in the coming years.

Apple’s M1 processor chip has been found to have an unpatchable hardware vulnerability that could allow attackers to bypass security mechanisms, according to MIT researchers.

The vulnerability relates to the M1 chip’s pointer authentication, which detects and guards against unexpected changes to pointers in memory.

Pointer authentication works by offering a special CPU instruction to add a cryptographic signature – also called a PAC – to unused high-order bits of a pointer before storing the pointer. The CPU interprets authentication failure as memory corruption, which causes the pointer to become invalid and the program to crash.

However, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have created a hardware attack methodology that leaks verification results via “micro-architectural side channels” without causing any crashes. This could allow attackers to sidestep the defence.

In a new research paper, the team said their novel hardware attack called Pacman leverages vulnerabilities in speculative execution – a performance-boosting feature found on most chips – to help bypass the memory defences. As the attack utilises a hardware mechanism, it cannot be patched.

“While the hardware mechanisms used by Pacman cannot be patched with software features, memory corruption bugs can be,” the MIT researchers said in an accompanying post.

While the hardware attack was tested on the Apple M1 chip, the research team noted that the attack could be used on other pieces of hardware that utilise Arm pointer authentication and future Arm processors.

“If not mitigated, our attack will affect the majority of mobile devices, and likely even desktop devices in the coming years,” the researchers said.

In a statement to The Hacker News, Apple said: “We want to thank the researchers for their collaboration as this proof-of-concept advances our understanding of these techniques.

“Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own,” Apple added.

https://www.siliconrepublic.com/enterprise/apple-m1-cybersecurity-hardware-flaw-pacman-mit-research

Link to comment
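The sign-then-authenticate flow the article describes can be modelled in a few lines of C. This is an added example, not code from the article or from the MIT researchers; the 48-bit address width, the toy keyed mixer standing in for the CPU's cipher, and the position of the error bit are all assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Model assumption: 48-bit virtual addresses, so bits 48..63 of a 64-bit
 * pointer are unused and can hold the PAC. */
#define ADDR_MASK ((1ULL << 48) - 1)
#define PAC_MASK  (~ADDR_MASK)
#define ERROR_BIT (1ULL << 62)   /* set on failed authentication (model) */

/* Toy keyed mixer standing in for the CPU's cipher. Not secure. */
static uint64_t toy_mac(uint64_t addr, uint64_t ctx, uint64_t key) {
    uint64_t x = addr ^ key ^ (ctx * 0x9E3779B97F4A7C15ULL);
    x ^= x >> 33; x *= 0xFF51AFD7ED558CCDULL;
    x ^= x >> 33; x *= 0xC4CEB9FE1A85EC53ULL;
    return x ^ (x >> 33);
}

/* Sign: place the truncated MAC in the unused high-order bits. */
uint64_t pac_sign(uint64_t ptr, uint64_t ctx, uint64_t key) {
    uint64_t addr = ptr & ADDR_MASK;
    return addr | (toy_mac(addr, ctx, key) & PAC_MASK);
}

/* Authenticate: recompute the PAC. On success return the plain address;
 * on failure return a poisoned, non-canonical pointer that faults on use. */
uint64_t pac_auth(uint64_t sp, uint64_t ctx, uint64_t key, int *ok) {
    uint64_t addr = sp & ADDR_MASK;
    *ok = (sp & PAC_MASK) == (toy_mac(addr, ctx, key) & PAC_MASK);
    return *ok ? addr : (addr | ERROR_BIT);
}

/* A user-space pointer is usable only if its high bits are all zero. */
int is_canonical(uint64_t p) { return (p & PAC_MASK) == 0; }

int main(void) {
    const uint64_t key = 0x0123456789ABCDEFULL, ctx = 0x1000; /* constructed */
    uint64_t ptr = 0x00007F00DEADB000ULL;                     /* constructed */
    int ok;
    uint64_t s = pac_sign(ptr, ctx, key);
    uint64_t good = pac_auth(s, ctx, key, &ok);
    printf("signed=%016llx auth_ok=%d ptr=%016llx\n",
           (unsigned long long)s, ok, (unsigned long long)good);
    uint64_t bad = pac_auth(s ^ (1ULL << 50), ctx, key, &ok); /* corrupted */
    printf("auth_ok=%d poisoned=%016llx canonical=%d\n",
           ok, (unsigned long long)bad, is_canonical(bad));
    return 0;
}
```

In this model a failed check leaves a pointer that cannot be dereferenced without faulting, which is the crash behaviour the article refers to.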


Just a $1 billion or two donation to MIT by Apple Corp will keep the issue aside.

Link to comment

1 hour ago, bharathicement said:

 

Just a $1 billion or two donation to MIT by Apple Corp will keep the issue aside.

With that money, they could even sponsor a lot of school lunches in the US.

Link to comment