The M1 chip has a big security hole, but Apple can’t fix it on its own

On June 10, a team of researchers at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) published research on a security vulnerability in the Apple M1 processor. The tool, called PACMAN, bypasses the last layer of defense that prevents attacks on devices using this processor.

Hardware Vulnerability Apple Can’t Fix

Zero-click (0-click) is a form of software attack that does not require the user to install an application or click on a link containing malicious code. Such attacks can therefore track targets silently and are difficult to detect.

In 2016, a group of hackers carried out a zero-click attack on the iPhone through a vulnerability in the ARM architecture. In 2017, ARM added a hardware security layer directly to the processor, called Pointer Authentication Codes (PAC), to prevent hackers from executing commands to track devices. The PAC lets the processor verify pointers on the device, making it more difficult to exploit.

Experts from MIT discovered a security flaw in the M1 chip that Apple could not fix.

By 2018, Apple had added PACs to its ARM chip designs. Pointer Authentication Codes are present on the M1, M1 Pro, M1 Max and ARM-based chips from Qualcomm, Samsung…

The MIT team created PACMAN to predict pointer authentication signatures, bypassing this important security mechanism. Specifically, PACMAN tries every possible verification value through a hardware side channel, guessing the correct code in order to bypass the PAC.
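As an added illustration (not code from the MIT research, ARM or Apple), this C model shows the pointer-signing idea described above: a keyed code is stored in a pointer's unused upper bits and checked before use. The 48-bit address, 16-bit code, stand-in mixing function, key, context, sample addresses and all function names are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#define VA_BITS  48   /* assumed address width of this model */
#define PAC_BITS 16   /* assumed PAC width: the unused upper pointer bits */
#define VA_MASK  ((1ULL << VA_BITS) - 1)

/* Stand-in keyed mixer (splitmix64 finalizer). Real chips use a dedicated
   cryptographic algorithm; this is a model, NOT a secure MAC. */
static uint64_t mix(uint64_t x) {
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* PAC = truncated keyed hash of (address, context). */
static uint64_t pac_compute(uint64_t addr, uint64_t ctx, uint64_t key) {
    return mix(mix(addr ^ key) ^ ctx) >> (64 - PAC_BITS);
}

/* Sign: store the PAC in the upper bits of the pointer. */
uint64_t pac_sign(uint64_t ptr, uint64_t ctx, uint64_t key) {
    uint64_t addr = ptr & VA_MASK;
    return addr | (pac_compute(addr, ctx, key) << VA_BITS);
}

/* Authenticate: 1 plus the stripped address if the PAC matches, else 0. */
int pac_auth(uint64_t sp, uint64_t ctx, uint64_t key, uint64_t *out) {
    uint64_t addr = sp & VA_MASK;
    if ((sp >> VA_BITS) != pac_compute(addr, ctx, key)) return 0;
    *out = addr;
    return 1;
}

/* Count how many of the 2^PAC_BITS codes authenticate for one address. */
unsigned count_valid_pacs(uint64_t addr, uint64_t ctx, uint64_t key) {
    unsigned valid = 0;
    uint64_t out;
    for (uint64_t g = 0; g < (1ULL << PAC_BITS); g++)
        valid += (unsigned)pac_auth((addr & VA_MASK) | (g << VA_BITS), ctx, key, &out);
    return valid;
}

int main(void) {
    uint64_t key = 0x0123456789abcdefULL, ctx = 0x1000, out; /* constructed */
    uint64_t p = pac_sign(0x00007ffdeadbeef0ULL, ctx, key);
    printf("genuine accepted: %d, PAC bit flipped accepted: %d\n",
           pac_auth(p, ctx, key, &out), pac_auth(p ^ (1ULL << VA_BITS), ctx, key, &out));
    printf("valid codes for an unsigned address: %u of %llu\n",
           count_valid_pacs(0x0000414141414140ULL, ctx, key), 1ULL << PAC_BITS);
}
```

In the model exactly one of the 65,536 codes authenticates for a given address, so the protection depends on a wrong guess being fatal to the guessing program. That is why a way to test values through a hardware channel, as PACMAN does, undermines it.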

“PACs are created as a last line of defense; when other authentications fail, you still have it to block the attack. However, we have shown that PACs are not the absolute line of defense people think,” said Ravichandran, who produced the report.

Moreover, because PAC is a hardware security mechanism, Apple and other manufacturers cannot patch the flaw with software updates. Apart from the M1 chip, all ARM processors that use Pointer Authentication Codes are vulnerable. However, the MIT experts chose Apple processors for testing because this product is popular.

Not dangerous yet

PACMAN is a threat to the M1 chip and other ARM processors, but researchers at MIT say it shouldn’t be an issue right now. Specifically, a piece of malware needs to break through all other layers of security before it can reach a PAC. In other words, there must be another software flaw for the chip’s hardware flaw to become dangerous.

The PACMAN vulnerability is not a problem at the moment, but it should be fixed soon. Image: Apple.

Experts at MIT believe that the research on PACMAN is meant not to solve a current problem but to serve the future. “The issue is not whether the processors are vulnerable, but whether they are going to be vulnerable in the future,” Mr. Ravichandran said.

After the MIT study was released, ARM said it was aware of the findings and would update the processor core architecture to fix the issue as soon as possible once its investigation is over. Meanwhile, Apple has not considered this to be a serious problem.

“Thank you for the efforts of our researchers to improve our understanding of engineering. Based on our own analysis of the provided documents, we conclude that the issue poses no immediate danger to users, and that the operating system still has enough layers of security that it cannot be bypassed,” Apple said in response.

Although it poses no immediate threat, PACMAN remains a risk, because it will work once the software has a bug that can be exploited. Users should therefore update their devices regularly to avoid falling victim to 0-click attacks.

The report’s publication at the time of the M2 processor launch may also affect Apple, because this chip is most likely still using PAC for security.

(According to Zing)

