• About Us
  • Contact Us
  • Cookie policy (EU)
  • Home
  • Privacy Policy
  • Video
  • Write for us
Today Headline
  • HOME
  • NEWS
    • POLITICS
    • News for today
    • Borisov news
  • FINANCE
    • Business
    • Insurance
  • Video
  • TECHNOLOGY
  • ENTERPRISE
  • LIFESTYLE
    • TRAVEL
    • HEALTH
    • ENTERTAINMENT
  • AUTOMOTIVE
  • SPORTS
  • Travel and Tourism
  • HOME
  • NEWS
    • POLITICS
    • News for today
    • Borisov news
  • FINANCE
    • Business
    • Insurance
  • Video
  • TECHNOLOGY
  • ENTERPRISE
  • LIFESTYLE
    • TRAVEL
    • HEALTH
    • ENTERTAINMENT
  • AUTOMOTIVE
  • SPORTS
  • Travel and Tourism
No Result
View All Result
TodayHeadline
No Result
View All Result

Researchers discover a new hardware vulnerability in the Apple M1 chip

June 21, 2022
in Technology
0
0
SHARES
3
VIEWS
Share on FacebookShare on Twitter


pacman

Credit: Pixabay/CC0 Public Domain

William Shakespeare might have been talking about Apple’s recently released M1 chip via his prose in A Midnight Summer’s Dream: “And though she be but little, she is fierce.”

Well, probably not, but it fits: Apple’s software runs on the little masterful squares made of in-house silicon, resulting in amazing performance with industry-leading power efficiency. Despite their potency, over the years there’s been no shortage of vulnerability grievances, as fears of sensitive data leaks and personal information abound. More recently, the celebrity-like chip itself was found to have a security flaw of its own, which was quickly deemed harmless.

The M1 chip uses a feature called “Pointer Authentication,” which acts as a last line of defense against typical software vulnerabilities. With Pointer Authentication enabled, bugs that normally could compromise a system or leak private information are stopped dead in their tracks. Now, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory have found a crack: their novel hardware attack, called “PACMAN” shows that Pointer Authentication can be defeated without even leaving a trace. Moreover, PACMAN utilizes a hardware mechanism, so no software patch can ever fix it.

A pointer authentication code, or “PAC” for short, is a signature that confirms that the state of the program hasn’t been changed maliciously. Enter the PACMAN attack. The team showed that it’s possible to “guess” a value for the PAC, and reveal whether the guess was correct or not via a hardware side channel. And since there are only so many possible values for the PAC, they found that it’s possible to try them all to find the correct one. Most importantly, since the guesses all happen under speculative execution, the attack leaves no trace.

“The idea behind pointer authentication is that if all else has failed, you still can rely on it to prevent attackers from gaining control of your system. We’ve shown that pointer authentication as a last line of defense isn’t as absolute as we once thought it was,” says MIT CSAIL Ph.D. student Joseph Ravichandran, co-lead author of a new paper about PACMAN. “When pointer authentication was introduced, a whole category of bugs suddenly became a lot harder to use for attacks. With PACMAN making these bugs more serious, the overall attack surface could be a lot larger.”

An attack with hardware and software

Traditionally, hardware and software attacks have lived somewhat separate lives. People see their software bugs as software bugs and hardware bugs as hardware bugs. There’s this traditional world of architecturally visible software threats—think the malicious phishing attempts, malware, denial-of-service, and the like. On the hardware side, there’s the much-talked-about 2018 Spectre and Meltdown realm, where you’re manipulating microarchitectural structures to steal data from computers.

The team wanted to see what combining the two might achieve—taking something from the software security world, and breaking a mitigation (a feature that’s designed to protect software), using hardware attacks. “That’s the heart of what PACMAN represents—a new way of thinking about how threat models converge in the Spectre era,” says Ravichandran.

PACMAN isn’t a magic bypass for all security on the M1 chip. PACMAN can only take an existing bug that pointer authentication protects against, and unleash that bug’s true potential for use in an attack by finding the correct PAC. There’s no cause for immediate alarm, the scientists say, as PACMAN cannot compromise a system without an existing software bug.

Pointer authentication is primarily used to protect the core operating system kernel, the most privileged part of the system. An attacker who gains control of the kernel can do whatever they’d like on a device. The team showed that the PACMAN attack even works against the kernel, which has “Massive implications for future security work on all ARM systems with pointer authentication enabled. Future CPU designers should take care to consider this attack when building the secure systems of tomorrow,” says Ravichandran. “Developers should take care to not solely rely on pointer authentication to protect their software.”

“Software vulnerabilities have existed for roughly 30 years now. Researchers have come up with ways to mitigate them using various innovative techniques such as ARM pointer authentication, which we are attacking now. Our work provides insight into how software vulnerabilities that continue to exist as important mitigation methods can be bypassed via hardware attacks,” says MIT Professor and author Mengjia Yan. “It’s a new way to look at this very long-lasting security threat model. Many other mitigation mechanisms exist that are not well studied under this new compounding threat model, so we consider the PACMAN attack as a starting point. We hope PACMAN can inspire more work in this research direction in the community.”

The team will present the paper at the International Symposium on Computer Architecture on June 18th. Ravichandran and Yan wrote the paper alongside first co-author Weon Taek Na, MIT CSAIL PhD student and Jay Lang, MIT undergraduate student.


Once overlooked, uninitialized-use ‘bugs’ may provide portal for hacker attacks on Linux


Provided by
MIT Computer Science & Artificial Intelligence Lab

Citation:
Researchers discover a new hardware vulnerability in the Apple M1 chip (2022, June 13)
retrieved 21 June 2022
from https://techxplore.com/news/2022-06-hardware-vulnerability-apple-m1-chip.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.

Previous Post

How The Development of Cryptocurrency Led to the Development of Online Games?

Next Post

New video casts doubt on bullying claims of Connecticut boy who suffered burns

Related Posts

Technology

Iplicit launches new board and announces senior appointments

The award-winning accounting software developer,...

Read more
Technology

Reuters reveals Musk seeks to put in less money in new Twitter deal financing

Business & FinanceDealsHuman InterestTechnology02 May...

Read more
Technology

Research allows for 3D printing of ‘organic electronics’

An example of 3D laser...

Read more
Technology

Team develops biobatteries that use bacteria to generate power for weeks

Credit: Anwar Elhadad et al,...

Read more
Technology

Conductive polymer holds promise for the next generation of organic electronics

Concept illustration depicts highly mobile...

Read more
Load More
Next Post

New video casts doubt on bullying claims of Connecticut boy who suffered burns

  • Trending
  • Comments
  • Latest

The Best Pasta Salad Recipes

Roman Protasevich’s girlfriend Sofia Sapega appears in confessional video amid torture fears after Ryanair hijacking

Cost of living squeeze could push UK into ‘mild recession’; petrol price hits fresh highs – business live | Business

How to remortgage: Your guide to getting the best home loan

Greek Myths

Top Greek Myths You Should Know To Understand Goddess Paintings

Hit the Jackpot with Winning Names! -DogTipper

One Direction reunion: Odds boost 1D Glastonbury 2023 line-up hopes | Music | Entertainment

Pentagon on Senate passing Ukraine aid bill, Operation Fly Formula and more | full video

About Us

Todayheadline the independent news and topics discovery
A home-grown and independent news and topic aggregation . displays breaking news linking to news websites all around the world.

Follow Us

Latest News

Greek Myths

Top Greek Myths You Should Know To Understand Goddess Paintings

Hit the Jackpot with Winning Names! -DogTipper

Greek Myths

Top Greek Myths You Should Know To Understand Goddess Paintings

Hit the Jackpot with Winning Names! -DogTipper

One Direction reunion: Odds boost 1D Glastonbury 2023 line-up hopes | Music | Entertainment

  • Real Estate
  • Education
  • Parenting
  • Cooking
  • NFL Games On TV Today
  • Travel and Tourism
  • Home & Garden
  • Pets
  • Privacy & Policy
  • Contact
  • About

© 2021 All rights are reserved Todayheadline

No Result
View All Result
  • Real Estate
  • Education
  • Parenting
  • Cooking
  • NFL Games On TV Today
  • Travel and Tourism
  • Home & Garden
  • Pets
  • Privacy & Policy
  • Contact
  • About

© 2021 All rights are reserved Todayheadline

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist