Apple’s M1 processors have helped the Mac reach new performance heights, but some reports have highlighted potential security issues with the system on a chip. The latest report comes from MIT CSAIL, whose research has found a way to overcome the so-called “last line of safety” in the M1 SoC.
MIT CSAIL has discovered that the M1 implementation of pointer authentication can be overcome by a hardware attack that its researchers have created. Pointer authentication is a security feature that helps protect the CPU against attackers who gain memory access. Pointers store memory addresses, and a pointer authentication code (PAC) checks for unexpected pointer changes caused by an attack. In its research, MIT CSAIL created “PACMAN”, an attack that can find the right value for successfully passing pointer authentication, allowing a hacker to gain access to a computer.
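The sign-and-check idea described above can be modeled in a few lines of C. This is an added example, not code from the article or from MIT CSAIL; the 48-bit address, 16-bit PAC, context value and mixing function are assumptions chosen for illustration and are not the cipher real hardware uses.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy layout (assumption): low 48 bits hold the address, top 16 bits the PAC. */
#define ADDR_BITS 48
#define ADDR_MASK ((UINT64_C(1) << ADDR_BITS) - 1)
#define PAC_AUTH_FAIL UINT64_C(0) /* model of the unusable pointer a failed check yields */

/* Stand-in keyed mixer (splitmix64 finalizer), not a real PAC cipher. */
static uint64_t mix64(uint64_t x) {
    x ^= x >> 30; x *= UINT64_C(0xbf58476d1ce4e5b9);
    x ^= x >> 27; x *= UINT64_C(0x94d049bb133111eb);
    x ^= x >> 31;
    return x;
}

/* PAC = truncated keyed hash over the address and a context value. */
static uint16_t compute_pac(uint64_t addr, uint64_t context, uint64_t key) {
    return (uint16_t)(mix64(mix64(addr ^ key) ^ context) >> 48);
}

/* Signing stores the PAC in the otherwise unused upper bits of the pointer. */
uint64_t pac_sign(uint64_t ptr, uint64_t context, uint64_t key) {
    uint64_t addr = ptr & ADDR_MASK;
    return addr | ((uint64_t)compute_pac(addr, context, key) << ADDR_BITS);
}

/* Authentication recomputes the PAC; returns the bare address or PAC_AUTH_FAIL. */
uint64_t pac_auth(uint64_t signed_ptr, uint64_t context, uint64_t key) {
    uint64_t addr = signed_ptr & ADDR_MASK;
    uint16_t pac = (uint16_t)(signed_ptr >> ADDR_BITS);
    return pac == compute_pac(addr, context, key) ? addr : PAC_AUTH_FAIL;
}

/* Flip each address bit in turn (a corrupted pointer) and count rejections. */
int count_rejected_tampers(uint64_t signed_ptr, uint64_t context, uint64_t key) {
    int rejected = 0;
    for (int bit = 0; bit < ADDR_BITS; bit++)
        if (pac_auth(signed_ptr ^ (UINT64_C(1) << bit), context, key) == PAC_AUTH_FAIL)
            rejected++;
    return rejected;
}

int main(void) {
    uint64_t key = UINT64_C(0x0123456789abcdef); /* constructed sample key */
    uint64_t ctx = UINT64_C(0x7ffd1000);         /* constructed context value */
    uint64_t sp = pac_sign(UINT64_C(0x100004a20), ctx, key);
    printf("signed=%#llx auth=%#llx rejected=%d/48\n", (unsigned long long)sp,
           (unsigned long long)pac_auth(sp, ctx, key), count_rejected_tampers(sp, ctx, key));
    return 0;
}
```

Because the check field in this model is only 16 bits wide, the protection depends on a wrong value being rejected rather than on the value being hard to enumerate.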
Joseph Ravichandran of MIT CSAIL, co-author of a research paper explaining PACMAN, said in an MIT article, “When pointer authentication was introduced, it suddenly became much harder to use for attacks. The surface of the attack could be much larger.”
According to MIT CSAIL, since its PACMAN attack involves a hardware device, a software patch will not solve the problem. The issue is a wider problem with Arm processors that use pointer authentication, not just Apple’s M1. “Future CPU designers should take care to consider this attack when creating tomorrow’s secure systems,” said Ravichandran. “Developers should be careful not to rely solely on pointer authentication to protect their software.”
Apple last Monday announced the M2 chip at its WWDC keynote, a new generation that succeeds the M1 series. An MIT representative confirmed to Macworld that the M2 had not been tested.
Since PACMAN requires a hardware device, a hacker must have physical access to a Mac, which limits how PACMAN can be carried out. But as a technical demonstration, PACMAN shows that pointer authentication is not completely foolproof and developers should not rely entirely on it.
MIT CSAIL plans to present their report on June 18 at the International Symposium on Computer Architecture. Apple has not commented publicly, but is aware of MIT CSAIL’s results (it is customary for researchers to share their results with the companies involved before they are released to the public).
PACMAN is the latest security flaw discovered in the M1. In May, researchers from the University of Illinois at Urbana-Champaign, University of Washington and Tel Aviv University discovered the Augury flaw. Last year, developer Hector Martin discovered the M1RACLES vulnerability. However, these flaws are not considered harmful or serious threats.