Researchers at MIT’s Computer Science & Artificial Intelligence Lab (CSAIL) found an attack surface in a hardware-level security mechanism utilized in Apple M1 chips. The flaw is unpatchable, but attackers would need to chain it with other vulnerabilities to make use of the attack method.
The hardware attack can bypass Pointer Authentication (PAC) on the Apple M1 CPU. The researchers gave a brief description on a dedicated site and will present full details on June 18, 2022 at the International Symposium on Computer Architecture.
The M1 chip
Until the recently announced M2, the M1 chip was the most powerful chip that Apple had created. The Apple M1 series of ARM-based system-on-a-chip (SoC) works as a central processing unit (CPU) and graphics processing unit (GPU) for Apple’s Macintosh desktops and notebooks, as well as the iPad Pro and iPad Air tablets.
Macs and PCs normally incorporate several chips for their Central Processing Unit (CPU), Input/Output (I/O), and security. The M1 was the first SoC for Macs that combined these technologies, which led to better integration and improved performance and power usage.
Security
The researchers have dubbed the vulnerability PACMAN; it sits in what they call the last line of security for the M1 chip. The flaw could theoretically give threat actors a door to gain full access to the core operating system kernel.
Both the researchers and Apple stated there is no cause for immediate alarm, since the system under attack needs to have an existing memory corruption bug to exploit the vulnerability.
PAC
The PAC in PACMAN is short for pointer authentication codes. The PAC is a cryptographic signature that confirms that an app wasn’t maliciously altered. With pointer authentication enabled, bugs that could normally compromise a system or leak private information are stopped dead in their tracks.
This feature makes it much harder for an attacker to inject malicious code into a device’s memory and provides a level of defense against buffer overflow exploits. A buffer overflow is a type of software vulnerability in which a program writes past the end of an allocated area of memory into an adjacent memory region.
The researchers found a vulnerability which allows PACMAN to find out the PAC value. To understand how they pulled this off, we need to understand speculative execution: the processor guesses which of several directions a computation may take and works ahead on them. By way of analogy, it does this to have the answers ready for several questions before they are asked.
How it fails
The idea behind pointer authentication is that if all else has failed, you can still rely on it to prevent attackers from gaining control of your system. But the researchers found that the number of possible PACs is limited, and by using speculative execution they could try values one after another without causing any crashes. This allowed them to brute-force the PAC value without triggering any alarms.
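To make the mechanism concrete, here is a toy Python model of pointer authentication that I added; it is not code from the researchers, Apple or ARM. It shows how a PAC is computed over a pointer and a context, how a redirected pointer fails the check, and why the set of possible PAC values is bounded. The 48-bit address width, the HMAC-SHA256 stand-in for the hardware cipher, and every key and address are assumptions or constructed values.

```python
"""Toy model of pointer authentication (constructed example, not Apple's
or ARM's implementation). Real CPUs compute the tag with a keyed block
cipher in hardware; HMAC-SHA256 stands in for it here."""
import hmac
import hashlib

VA_BITS = 48                 # assumed: pointer bits that carry the address
PAC_BITS = 64 - VA_BITS      # remaining high bits carry the PAC (16 here)
ADDR_MASK = (1 << VA_BITS) - 1
PAC_MASK = (1 << PAC_BITS) - 1


def compute_pac(addr: int, context: int, key: bytes) -> int:
    """Keyed tag over (address, context), truncated to the bits that fit."""
    msg = addr.to_bytes(8, "little") + context.to_bytes(8, "little")
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "little") & PAC_MASK


def sign(ptr: int, context: int, key: bytes) -> int:
    """PAC* instruction analogue: place the tag in the unused high bits."""
    addr = ptr & ADDR_MASK
    return (compute_pac(addr, context, key) << VA_BITS) | addr


def authenticate(signed: int, context: int, key: bytes) -> int:
    """AUT* analogue: recompute the tag; a mismatch is fatal on real hardware."""
    addr = signed & ADDR_MASK
    if ((signed >> VA_BITS) & PAC_MASK) != compute_pac(addr, context, key):
        raise ValueError("pointer authentication failed")
    return addr


def pac_space_size() -> int:
    """Number of distinct PAC values: the bound the article refers to."""
    return 1 << PAC_BITS


def corruption_is_caught(signed: int, new_target: int, context: int, key: bytes) -> bool:
    """Model a memory-corruption bug that overwrites the address bits but
    cannot compute the matching tag (the key lives in the CPU, not memory)."""
    corrupted = (signed & ~ADDR_MASK) | (new_target & ADDR_MASK)
    try:
        authenticate(corrupted, context, key)
    except ValueError:
        return True   # the PAC check stopped the redirected pointer
    return False      # tags collided by chance: 1 in pac_space_size()


if __name__ == "__main__":
    key = b"\x01" * 16            # constructed key; real keys live in CPU registers
    sp = sign(0x7FFF_DEAD_BEE0, 0x42, key)
    print(hex(sp), authenticate(sp, 0x42, key) == 0x7FFF_DEAD_BEE0)
    print("PAC values:", pac_space_size(), "caught:",
          corruption_is_caught(sp, 0x7FFF_0BAD_F00D, 0x42, key))
```

On a conventional system each wrong guess in `authenticate` is a fault the kernel can see and log; the article's point is that a speculative check gives the same yes/no answer without that fault.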
Speculative execution gives an attacker another advantage: there is no known way of finding out whether your system is, or has been, the victim of such an attack.
More targets
The PACMAN attack combines a software attack with a hardware attack to exploit a flaw in a security feature. The researchers expressed that they expect to see more attacks of this type in the future. This particular attack, while it was only tested against the M1 chip, is expected to work in a similar way on every architecture that uses PAC.
Apple has implemented pointer authentication on all of its custom ARM-based silicon so far, including the M1, M1 Pro and M1 Max, and a number of other chip manufacturers, including Qualcomm and Samsung, have either announced or expect to ship new processors supporting the PAC security feature.
Mitigation
Current users of M1 based systems don’t need to take immediate action at this point.
Apple thanked the researchers for their work and for sharing their findings. Apple gave the following comment:
“Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own.”
Since the PACMAN attack only works when chained with an existing bug and exploits the hardware architecture, there is not much a user can do but be vigilant. While the hardware mechanisms used by PACMAN cannot be patched in software, memory corruption bugs can be, so those are the ones to look out for.