While the Apple M1 chips allowed the Mac to reach new heights in terms of performance, a few reports have revealed potential security issues with the System on a Chip. The latest report comes from MIT CSAIL, whose research has found a way to defeat the security of the M1 SoC.
the MIT CSAIL discovered that the M1 implementation of pointer authentication can be overcome by hardware attack that the researchers developed. Pointer authentication is a security feature that allows you to protect central processing unit against an attacker who has gained memory access.
Pointers store memory addresses, and Pointer Authentication Code (PAC) checks for unexpected pointer changes caused by an attack. As part of its research, MIT CSAIL created “PACMAN”, an attack capable of finding the correct value for successful authentication of the pointer, so that a hacker can continue to access the computer.
Joseph Ravichandran of MIT CSAIL, who is co-lead author of a paper explaining PACMAN, stated in an article by MIT : “ When pointer authentication was introduced, a whole class of bugs suddenly became much harder to use for attacks. With PACMAN making these bugs more serious, the overall attack surface could be much larger. »
According to MIT CSAIL, since its PACMAN attack involves a hardware device, a software patch will not fix the problem. This is a larger problem with arm processors that use pointer authentication, not just the Apple M1. “Future processor designers should consider this attack when building tomorrow’s secure systems,” Ravichandran said. ” Developers should be careful not to rely solely on pointer authentication to protect their software. »
Apple announced the M2 chip during his keynote WWDC last Monday, which is a new generation succeeding the M1 series. A representative from MIT confirmed to Macworld that the M2 has not been tested for this flaw.
As PACMAN requires a hardware device, a hacker must have physical access to a Macwhich limits how a PACMAN can be executed. But as a technology demonstration, PACMAN shows that pointer authentication is not completely infallible and that developers should not rely on it completely.
MIT CSAIL plans to present the report at the International Symposium on Computer Architecture on June 18. Apple has not made a public comment, but she is aware of the findings of the MIT CSAIL (it is customary for researchers to share their results with the companies concerned before making them public).
PACMAN is the latest security flaw discovered on the M1. In May, researchers from the University of Illinois at Urbana Champaign, the University of Washington, and Tel Aviv University discovered the Augury Fault. Last year, the developer Hector Martin discovered the vulnerability M1RACLES. However, these vulnerabilities were deemed harmless or not posing a serious threat.