MIT CSAIL is today lifting the embargo on a new hardware vulnerability affecting the Apple M1 SoCs (no word yet on whether the recently announced Apple M2 is affected), called the “PACMAN” attack.
MIT researchers found that ARM pointer authentication can be bypassed on the M1 without leaving a trace. The researchers claim: “PACMAN uses a hardware mechanism, so no software patch can ever fix the problem.” Since ARM pointer authentication is still new, having only been added in the ARMv8.3-A specification, it will be interesting to see whether other ARM SoCs that implement it also prove vulnerable to this particular attack.
Some additional details on the M1 PACMAN attack, from the press release published now that the embargo has lifted:
A Pointer Authentication Code, or “PAC” for short, is a signature that confirms that the program’s state has not been maliciously altered. Enter the PACMAN attack. The team showed that it is possible to “guess” a value for the PAC and reveal whether or not the guess was correct via a hardware-side channel. And since there are only a certain number of possible values for the PAC, they found it’s possible to try them all to find the right one. Most importantly, the attack leaves no trace as all guesswork is done under speculative execution.
“The idea behind pointer authentication is that when all else has failed, you can still rely on attackers to take control of your system. We have shown that pointer authentication as a last line of defense is not as absolute as we once thought,” says MIT CSAIL graduate student Joseph Ravichandran, co-lead author of a new article on PACMAN. “When pointer authentication was introduced, a whole category of flaws suddenly became much more difficult to attack. Because PACMAN makes these flaws more severe, the overall attack surface could be much larger.”
The team wanted to see what combining the two could achieve – taking something from the world of software security and breaking a mitigation (a feature designed to protect software) from hardware attacks. “That’s at the heart of PACMAN – a new way of thinking about how threat models converge in the Spectre era,” says Ravichandran.
PACMAN is not a magic bypass for all security on the M1 chip. PACMAN can just take an existing flaw that pointer authentication protects against and unleash that flaw’s true potential for attack by finding the right PAC.
The PACMAN research paper concludes: “We introduced PACMAN, a novel speculative execution attack against ARM pointer authentication. We reverse engineered the TLB organizations on Apple M1 and demonstrated several proof-of-concept attacks that work at all privilege levels. We believe this attack has important implications for designers looking to implement future processors with pointer authentication, and has broader security implications for future control flow integrity primitives.”
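To make concrete what the press release means by “only a certain number of possible values for the PAC”, here is an added example (not code from the paper, from MIT CSAIL, or from Apple): a simplified Python model of pointer authentication in which a keyed MAC over the pointer and a context value is truncated into the spare upper bits of a 64-bit pointer. The bit layout (48-bit virtual addresses, bit 55 reserved for the address-space selector, optional top-byte-ignore) and the HMAC stand-in for the hardware cipher are assumptions; Apple's real PAC algorithm and key handling are not modelled.

```python
import hashlib
import hmac

class PacAuthFailure(Exception):
    """Architectural AUT failure; in hardware the pointer becomes invalid and faults."""

def pac_mask(va_bits: int = 48, tbi: bool = False) -> int:
    """Bit positions holding the PAC (assumed layout, see lead-in)."""
    mask = ((1 << 64) - 1) & ~((1 << va_bits) - 1)  # bits above the virtual address
    mask &= ~(1 << 55)                               # bit 55 selects the address space
    if tbi:
        mask &= ~(0xFF << 56)                        # top byte reserved for tagging
    return mask

def pac_bits(va_bits: int = 48, tbi: bool = False) -> int:
    """Width of the PAC, i.e. log2 of the number of values a guess can take."""
    return bin(pac_mask(va_bits, tbi)).count("1")

def _spread(value: int, mask: int) -> int:
    """Scatter the low bits of value into the bit positions set in mask (truncating it)."""
    out, i = 0, 0
    for bit in range(64):
        if mask >> bit & 1:
            out |= ((value >> i) & 1) << bit
            i += 1
    return out

def _mac(ptr: int, context: int, key: bytes) -> int:  # toy MAC standing in for the hardware cipher
    msg = ptr.to_bytes(8, "little") + context.to_bytes(8, "little")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:8], "little")

def sign_pointer(ptr: int, context: int, key: bytes, mask: int = pac_mask()) -> int:
    assert ptr & mask == 0, "pointer must not already carry a PAC"
    return ptr | _spread(_mac(ptr, context, key), mask)

def authenticate_pointer(signed: int, context: int, key: bytes, mask: int = pac_mask()) -> int:
    ptr = signed & ~mask                      # strip the PAC field
    if signed & mask != _spread(_mac(ptr, context, key), mask):
        raise PacAuthFailure(hex(signed))     # wrong PAC: architecturally a fault
    return ptr

def guesses_until_valid(ptr: int, context: int, key: bytes, mask: int = pac_mask()):
    """Enumerate the PAC space architecturally: every miss raises, which on real hardware is a
    fault a crash monitor can observe; PACMAN removes that observable by checking speculatively."""
    misses = 0
    for guess in range(1 << bin(mask).count("1")):
        try:
            authenticate_pointer(ptr | _spread(guess, mask), context, key, mask)
            return guess, misses
        except PacAuthFailure:
            misses += 1
    return None, misses
```

With the assumed layout the PAC is 15 bits (7 with top-byte-ignore enabled), so the search space is bounded by 2^15 values, and in the architectural path every miss faults; it is the speculative variant described above that removes that trace.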
PACMAN is the latest vulnerability discovered by MIT scientists from their Computer Science & Artificial Intelligence Lab (CSAIL). (Image: MIT Stata Center back in the days of Building a solar powered arm cluster.)
MIT CSAIL scientists will present their M1 attack, PACMAN, at the International Symposium on Computer Architecture on June 18th.
This article will be updated when the final link to the PACMAN research paper is received.