Apple introduced the MacBook M1 series several years ago, and the M2 series is now available. However, according to a new MIT study, the M1 chipset has a few security vulnerabilities that could put users at risk. 


Hardware Vulnerability

Researchers from MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) have developed a new hardware attack known as PACMAN, which has been found to defeat the security measures of Apple's M1 chipset.

The name PACMAN was inspired by the last layer of protection on the M1 chip, known as PAC (Pointer Authentication Code), which these researchers discovered a means to circumvent. 

PAC is a signature that verifies that a program's state hasn't been maliciously tampered with.

But now, the researchers have discovered a flaw: their PACMAN hardware attack demonstrates that pointer authentication may be bypassed without leaving a trace. Furthermore, because PACMAN is a hardware attack, no software patch will ever be able to fix the bug.

"We've shown that pointer authentication as a last line of defense isn't as absolute as we once thought it was," Joseph Ravichandran, an MIT graduate student in electrical engineering and computer science and co-lead author of a study about PACMAN, said. 


Is Pointer Authentication Enough to Protect Software?

The MIT team demonstrated that it is possible to guess a PAC value and use a hardware side channel to reveal whether the guess is valid or not. They discovered that because the PAC has only so many possible values, it is feasible to try all of them to find the correct one.

Most crucially, the attack is undetectable because the guesses are all made on the fly.
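
The reasoning above, as a toy Python model added here for illustration (it is not code from the MIT study or from Apple): a short pointer signature holds up while every wrong guess crashes the process, and stops holding up once something reports valid or invalid silently. The 16-bit tag width, the 48-bit address layout, the HMAC construction and all function names are assumptions of the model, and silent_oracle() only stands in for the side channel; no side channel is implemented.

```python
import hashlib
import hmac

PAC_BITS = 16    # assumed tag width for this model; the article gives no figure
ADDR_BITS = 48   # assumed layout: address in the low bits, tag in the high bits
ADDR_MASK = (1 << ADDR_BITS) - 1

def pac(addr, key):
    """Keyed MAC over the address, truncated to PAC_BITS (the 'signature')."""
    mac = hmac.new(key, addr.to_bytes(8, "little"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "little") % (1 << PAC_BITS)

def sign(addr, key):
    """Place the tag in the unused high bits of the pointer."""
    return (pac(addr, key) << ADDR_BITS) | addr

def authenticate(signed, key):
    """Normal check: a wrong tag is fatal, so each wrong guess costs a crash."""
    addr = signed & ADDR_MASK
    if signed >> ADDR_BITS != pac(addr, key):
        raise RuntimeError("PAC check failed")
    return addr

def silent_oracle(signed, key):
    """Stand-in for the side channel: answers valid/invalid with no crash."""
    return signed >> ADDR_BITS == pac(signed & ADDR_MASK, key)

def forge_with_crashes(addr, key, guess=0):
    """One guess through authenticate(); a wrong tag ends the process."""
    try:
        authenticate((guess << ADDR_BITS) | addr, key)
        return True
    except RuntimeError:
        return False    # no second attempt: odds are 1 in 2**PAC_BITS

def forge_with_oracle(addr, key):
    """Guessing through the oracle: the whole tag space can be searched."""
    for guesses, tag in enumerate(range(1 << PAC_BITS), start=1):
        if silent_oracle((tag << ADDR_BITS) | addr, key):
            return tag, guesses
    raise AssertionError("unreachable: every tag was tried")

if __name__ == "__main__":
    key = b"constructed-demo-key"    # constructed sample key
    target = 0x7FFFDEADB000          # constructed sample address
    print("single crashing guess succeeded:", forge_with_crashes(target, key))
    print("tag and guesses via oracle:", forge_with_oracle(target, key))
```

The model shows why the quoted advice not to rely solely on pointer authentication follows: the tag's strength comes from the crash on failure, not from its length.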

Pointer authentication can protect the most privileged element of the system, which is the operating system kernel. An attacker who obtains control of the kernel on a device can do whatever they want on the system.

The PACMAN approach can circumvent the PAC, allowing an attacker to enter the system without alerting the machine's security layers. MIT's research team tested it specifically to crack the PAC.

"Future CPU designers should take care to consider this attack when building the secure systems of tomorrow. Developers should take care to not solely rely on pointer authentication to protect their software," Ravichandran said.

The team used the M1 as the attack's testbed, and the results have raised some red flags. Similar difficulties were discovered with the ARM chipset. However, PACMAN has yet to be tested on the new M2 series silicon.

PACMAN's reach is still limited, but the MIT researchers have informed Apple of the vulnerability, and the company could begin working on a patch as soon as possible.

Apple has yet to make an official statement, so a software patch may be released to address the vulnerability.


This article is owned by Tech Times

Written by Joaquin Victor Tacla

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.