Apple’s M1 chips have an “unpatchable” hardware vulnerability that could allow attackers to breach their last security defense, MIT researchers have discovered.
The vulnerability resides in a hardware-level security mechanism used in Apple M1 chips called Pointer Authentication Codes, or PAC. This feature makes it much harder for an attacker to hijack a program by corrupting the pointers it keeps in memory, and so provides a degree of protection against buffer overflow exploits, a type of attack in which data written past the end of a buffer overwrites adjacent memory.
However, researchers at MIT’s Computer Science and Artificial Intelligence Laboratory have developed a novel hardware attack that combines memory corruption and speculative execution attacks to bypass the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and since it uses a hardware mechanism, no software patch can fix it.
The attack, aptly dubbed “Pacman,” works by “guessing” a pointer authentication code (PAC), a short cryptographic signature stored in the otherwise unused upper bits of a pointer that confirms the pointer has not been tampered with. It does this through speculative execution – a technique used by modern processors to speed up performance by executing instructions ahead of time along a predicted path – to run the PAC check in a way that does not crash the program when a guess is wrong, while a hardware side channel reveals whether the guess was correct or not.
Also, since the PAC occupies only a small number of bits, there are only a limited number of possible values, and the researchers found that it’s possible to try them all to find the right one.
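To make the two ingredients concrete, here is a toy C model (an added example, not the MIT team’s PACMAN code and not Apple’s PAC implementation) of why a non-crashing check plus a small PAC field is enough to forge a signed pointer. It assumes a typical 48-bit address space with a 16-bit PAC field, and `toy_pac` is a keyed mixer standing in for the real MAC; `sign_ptr`, `auth_ptr`, `pacman_oracle` and `brute_force_pac` are names chosen for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of arm64 pointer authentication (added example, not MIT's PACMAN
 * code and not Apple's implementation). A real PAC is a truncated keyed MAC
 * over (pointer, modifier, secret key) stored in the unused upper bits of a
 * 64-bit virtual address. The sizes below (48-bit VA, 16-bit PAC) are an
 * assumed, typical layout, and toy_pac() is a keyed mixer, not a cipher. */
#define VA_BITS  48
#define PAC_BITS 16
#define PAC_MASK ((((uint64_t)1 << PAC_BITS) - 1) << VA_BITS)

static uint64_t toy_pac(uint64_t ptr, uint64_t modifier, uint64_t key)
{
    uint64_t x = (ptr & ~PAC_MASK) ^ (modifier * 0x9e3779b97f4a7c15ULL) ^ key;
    x ^= x >> 33; x *= 0xff51afd7ed558ccdULL;
    x ^= x >> 33; x *= 0xc4ceb9fe1a85ec53ULL;
    x ^= x >> 33;
    return x & PAC_MASK;                 /* the 16 bits that fit in the PAC field */
}

/* Like a PAC* instruction: embed the code in the pointer's top bits. */
static uint64_t sign_ptr(uint64_t ptr, uint64_t modifier, uint64_t key)
{
    return (ptr & ~PAC_MASK) | toy_pac(ptr, modifier, key);
}

/* Like an AUT* instruction: strip the PAC if it verifies; otherwise yield a
 * non-canonical pointer that would fault on the next dereference. */
static bool auth_ptr(uint64_t sp, uint64_t modifier, uint64_t key, uint64_t *out)
{
    if ((sp & PAC_MASK) == toy_pac(sp, modifier, key)) {
        *out = sp & ~PAC_MASK;
        return true;
    }
    *out = sp | ((uint64_t)1 << 63);    /* poisoned: would trap if used */
    return false;
}

/* Number of PAC values an attacker has to enumerate. */
static unsigned long pac_candidates(void) { return 1UL << PAC_BITS; }

struct victim { uint64_t key; uint64_t modifier; };

/* The victim's check as PACMAN sees it. Architecturally a wrong guess poisons
 * the pointer and the victim crashes on use, so plain guessing is not viable.
 * PACMAN performs the check only transiently (under speculation) and reads the
 * verdict through a cache/TLB side channel, so nothing faults. This oracle
 * models that outcome: it reports pass/fail and never crashes. */
static bool pacman_oracle(const struct victim *v, uint64_t guessed_ptr)
{
    uint64_t unused;
    return auth_ptr(guessed_ptr, v->modifier, v->key, &unused);
}

/* Attacker: forge a signed pointer to `target` without knowing the key by
 * trying every PAC value against the non-crashing oracle. Stores the number
 * of guesses in *tries when that pointer is non-NULL. */
static uint64_t brute_force_pac(const struct victim *v, uint64_t target, unsigned long *tries)
{
    unsigned long n = 0;
    for (uint64_t pac = 0; pac < pac_candidates(); pac++) {
        uint64_t candidate = (target & ~PAC_MASK) | (pac << VA_BITS);
        n++;
        if (pacman_oracle(v, candidate)) {
            if (tries) *tries = n;
            return candidate;
        }
    }
    if (tries) *tries = n;
    return 0;                            /* not reached: the real PAC is in range */
}

/* Whole scenario with a constructed key, modifier and target address; returns
 * true if the forged pointer authenticates to the target the attacker chose. */
static bool demo_forge(unsigned long *tries)
{
    struct victim v = { .key = 0x0123456789abcdefULL, .modifier = 0x1337 }; /* constructed */
    uint64_t target = 0x0000000100004000ULL;                               /* constructed */
    uint64_t forged = brute_force_pac(&v, target, tries);
    uint64_t out;
    return auth_ptr(forged, v.modifier, v.key, &out) && out == target
           && forged == sign_ptr(target, v.modifier, v.key);
}

int main(void)
{
    unsigned long tries = 0;
    bool ok = demo_forge(&tries);
    printf("PAC space: %lu values; forged after %lu guesses: %s\n",
           pac_candidates(), tries, ok ? "authenticates" : "failed");
    return ok ? 0 : 1;
}
```

The point the model makes is that the attacker never learns the key. With at most 65,536 guesses and an oracle that answers without killing the process, the PAC field is simply too small to stand on its own; the same loop against the architectural `auth_ptr` would fault on the first wrong guess, which is exactly the property the speculative side channel removes.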
In a proof of concept, the researchers showed that the attack even works against the kernel – the software core of a device’s operating system – which has “massive implications for future security work on all ARM systems with pointer authentication enabled,” says Joseph Ravichandran, a PhD student at MIT CSAIL and co-lead author of the research paper.
“The idea behind pointer authentication is that if all else has failed, you can still rely on attackers to take control of your system,” Ravichandran added. “We have shown that pointer authentication as a last line of defense is not as absolute as we once thought.”
Apple has implemented pointer authentication on all of its custom ARM-based chips to date, including the M1, M1 Pro, and M1 Max, and a number of other chipmakers, including Qualcomm and Samsung, have either announced or are expected to ship new processors that support the hardware-level security feature. MIT said it has not yet tested the attack on Apple’s unreleased M2 chip, which also supports pointer authentication.
“Unless it is mitigated, our attack will affect the majority of mobile devices and likely even desktop devices in the years to come,” MIT said in the research note.
The researchers, who presented their findings to Apple, noted that the Pacman attack is not a “magic bypass” for all security measures on the M1 chip and can only be used to exploit an existing memory-corruption bug that pointer authentication would otherwise protect against.
When reached before publication, Apple declined to comment on the record. Following publication, Apple spokesman Scott Radcliffe said, “We would like to thank the researchers for their collaboration as this proof of concept enhances our understanding of these techniques. Based on our analysis and the details provided to us by the researchers, we have concluded that this issue does not pose an immediate risk to our users and is not sufficient to bypass the operating system security measures alone.”
In May last year, a developer discovered an unfixable bug in Apple’s M1 chip that creates a covert channel through which two or more already installed malicious apps could exchange information. But the bug was ultimately classified as “harmless” because malware can’t use it to steal or tamper with data residing on a Mac.
Updated with official comment from Apple.