Have you ever wondered if we’re living in a bad action movie? We didn’t used to, but the University of Michigan’s recent announcement of an “unhackable” processor architecture has us second-guessing ourselves, especially since they decided to name it Morpheus. That seems like the kind of thing that leads to villainous plots only Keanu Reeves can solve.
The university said in its announcement that Morpheus “could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete,“ (which, again, sounds like something writers come up with to kickstart a modern action movie). That is supposed to be achieved by the CPU “encrypting and randomly reshuffling key bits of its own code and data 20 times per second.”
Morpheus goes through that encryption and reshuffling process every 50 milliseconds. UoM professor of computer science Todd Austin claimed that makes it impossible to hack. “Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink,” he said. “That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle.” Yet this process is said to have just a 1% impact on performance.
It sounds too good to be true, but UoM said Austin and his team have already demonstrated Morpheus’ capabilities. The researchers made a prototype that “successfully defended against every known variant of control-flow attack, one of hackers’ most dangerous and widely used techniques.” This research was funded by DARPA, which explores potential technologies for the U.S. military, bringing us once again to the fear that we’re living an action movie.
Austin wants Morpheus processors to make their way into everything from PCs to Internet of Things devices. That way people can trust that their devices are secure without having to worry about someone finding vulnerabilities, patching them and making it easy to install those patches. (Assuming that Morpheus truly is unhackable, of course.) He co-founded a startup called Agita Labs to realize that goal.
There’s no denying that the current model of finding and fixing security flaws isn’t ideal. Companies might make it hard for researchers to disclose their discoveries, fail to fix the problem, or release critical updates in ways most of their customers don’t want to deal with. This reactive setup means people are often at risk to undisclosed or not yet patched vulnerabilities.
But it’s also hard to deny that claiming something is unhackable—even if it’s already proved resistant to many attacks—is practically inviting hackers to devote themselves to proving that claim wrong, especially once there’s actually a financial incentive to do so. Mix in DARPA’s involvement, and the script practically writes itself. We’ll see you soon, Keanu.