(Image credit: Max Tech/YouTube)

MIT Computer Science & Artificial Intelligence Laboratory (CSAIL) researchers have unveiled a new attack, dubbed PACMAN, that exploits a hardware weakness in Arm processors that implement Pointer Authentication, including Apple's M1 series of chips. The team used an Apple M1 processor as the demonstration chip and claims the attack can even reach the core operating system kernel, potentially giving an attacker full control of a system through a combination of software and hardware techniques. However, the software portion of the attack relies on an existing memory corruption bug in the targeted code, so it isn't a silver bullet that bypasses all security. The hardware side of the problem can't be patched in software, and the MIT team believes it will affect future Arm mobile devices, and likely desktop PCs as well, if it isn't mitigated.

The attack targets Arm's Pointer Authentication (PA) feature through a side-channel attack on the chips' speculative execution engine. Pointer Authentication protects pointers (return addresses, function pointers and the like) rather than software as a whole: each protected pointer is stamped with a short keyed cryptographic signature, the pointer authentication code (PAC), stored in the otherwise unused upper bits of the pointer, and the CPU verifies the PAC before the pointer is used. A pointer whose PAC doesn't check out faults. That blunts the usual memory-corruption techniques, such as buffer overflows, that overwrite a pointer to take full control of a program: the attacker can write the pointer but cannot compute a valid PAC for it. Because PA only limits what a memory bug can do, PACMAN still relies on an existing software bug that lets the attacker read and write memory.

(Image credit: MIT CSAIL)

The PACMAN technique consists of 'guessing' a value for the PAC and testing the guess under speculative execution, much like we see with Spectre and Meltdown, so that the PAC verification result leaks through microarchitectural side channels instead of triggering a fault. As a reminder, a side-channel attack steals information by observing or exploiting a secondary effect of an operation on a system. Because a wrong guess tested speculatively never raises an exception, the attacker can walk through the PAC space until a guess verifies; this is how the researchers find the correct PAC and sidestep the protection against software vulnerabilities. However, it requires an existing memory corruption bug in the software to work. The researchers say "PACMAN can only take an existing bug that pointer authentication protects against, and unleash that bug's true potential for use in an attack by finding the correct PAC."
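To make the two preceding paragraphs concrete, here is a toy C model added for this article (it is not code from the MIT paper, Arm or Apple) of a signed pointer, the memory bug that PA neutralises, and why testing guesses under speculation changes the picture. The 48-bit address, the 16-bit PAC, the non-cryptographic mixer standing in for the hardware's keyed MAC, and the demo key, target address and modifier values are all assumptions; the PACMAN 'oracle' is a plain boolean that stands in for the real microarchitectural side channel.

```c
/*
 * Toy model of Arm Pointer Authentication and of the PACMAN brute force.
 * Added illustration; not code from the PACMAN paper, Arm or Apple.
 * Hypothetical parameters: 48-bit virtual addresses, a 16-bit PAC in the
 * upper bits, and a non-cryptographic 64-bit mixer standing in for the
 * hardware's keyed MAC (real PA uses a keyed block cipher and secret key
 * registers the attacker cannot read).
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VA_BITS   48
#define PAC_BITS  16                      /* assumed; real width depends on VA/TBI setup */
#define VA_MASK   (((uint64_t)1 << VA_BITS) - 1)
#define PAC_SPACE ((uint64_t)1 << PAC_BITS)

/* Constructed demo inputs (arbitrary values). */
#define DEMO_KEY    0x0123456789abcdefULL /* models a secret PA key register */
#define DEMO_TARGET 0x0000000100004000ULL /* address the attacker wants to jump to */
#define DEMO_CTX    0x0000000000000042ULL /* modifier, e.g. the address of the slot */

/* Stand-in MAC: a 64-bit finaliser mixer. NOT cryptographically secure. */
static uint64_t mix64(uint64_t x) {
    x ^= x >> 33; x *= 0xff51afd7ed558ccdULL;
    x ^= x >> 33; x *= 0xc4ceb9fe1a85ec53ULL;
    x ^= x >> 33;
    return x;
}

/* PAC = MAC(key, address bits, modifier), truncated to PAC_BITS bits. */
uint64_t pac_of(uint64_t key, uint64_t ptr, uint64_t ctx) {
    return mix64(key ^ mix64((ptr & VA_MASK) ^ mix64(ctx))) & (PAC_SPACE - 1);
}

/* Like PACIA: sign a raw pointer by placing its PAC in the upper bits. */
uint64_t pac_sign(uint64_t key, uint64_t ptr, uint64_t ctx) {
    return (ptr & VA_MASK) | (pac_of(key, ptr, ctx) << VA_BITS);
}

/* Like AUTIA: does the PAC field match? On hardware a mismatch produces a
 * pointer that faults when used, so the victim process (or kernel) crashes. */
bool pac_auth_ok(uint64_t key, uint64_t signed_ptr, uint64_t ctx) {
    return (signed_ptr >> VA_BITS) == pac_of(key, signed_ptr, ctx);
}

/* The pre-existing memory-corruption bug PA is meant to neutralise: a copy
 * into buf with no bound check, so a long input runs over signed_fp. */
typedef struct { char buf[16]; uint64_t signed_fp; } victim_t;

static void vulnerable_copy(victim_t *v, const uint8_t *src, size_t n) {
    memcpy((uint8_t *)v, src, n);         /* n > sizeof buf clobbers signed_fp */
}

/* Attacker-controlled 64-bit write over the signed slot; returns what landed. */
uint64_t overwrite_slot(uint64_t value) {
    victim_t v = { .buf = {0}, .signed_fp = 0 };
    uint8_t payload[sizeof(victim_t)] = {0};
    memcpy(payload + offsetof(victim_t, signed_fp), &value, sizeof value);
    vulnerable_copy(&v, payload, sizeof payload);
    return v.signed_fp;
}

/* Without PACMAN: a guess can only be tested by letting the victim use the
 * pointer, and a wrong PAC faults. Returns 1 if guess 0 happened to be right,
 * otherwise -1: the process died and the attacker has to start over. */
int brute_force_architectural(uint64_t key, uint64_t target, uint64_t ctx) {
    uint64_t candidate = target & VA_MASK;           /* guessed PAC = 0 */
    return pac_auth_ok(key, candidate, ctx) ? 1 : -1;
}

/* Models the PACMAN oracle: the victim verifies our candidate under
 * speculation, so no fault is raised, and the verification outcome leaks
 * through a microarchitectural side channel (modelled here as a boolean). */
static bool pacman_oracle(uint64_t key, uint64_t candidate, uint64_t ctx) {
    return pac_auth_ok(key, candidate, ctx);
}

/* Walk the PAC space with the oracle. Returns the forged, valid pointer and
 * (optionally) the number of guesses it took; at most PAC_SPACE guesses. */
uint64_t pacman_forge(uint64_t key, uint64_t target, uint64_t ctx, unsigned *guesses) {
    for (uint64_t g = 0; g < PAC_SPACE; g++) {
        uint64_t candidate = (target & VA_MASK) | (g << VA_BITS);
        if (pacman_oracle(key, candidate, ctx)) {
            if (guesses) *guesses = (unsigned)g + 1;
            return candidate;
        }
    }
    return 0;                             /* unreachable: the true PAC is in range */
}

int main(void) {
    unsigned n = 0;
    uint64_t legit  = pac_sign(DEMO_KEY, DEMO_TARGET, DEMO_CTX);
    uint64_t raw    = overwrite_slot(DEMO_TARGET);   /* the bug alone: no valid PAC */
    uint64_t forged = overwrite_slot(pacman_forge(DEMO_KEY, DEMO_TARGET, DEMO_CTX, &n));
    printf("legit signed pointer  : %016llx auth=%d\n", (unsigned long long)legit, pac_auth_ok(DEMO_KEY, legit, DEMO_CTX));
    printf("raw overwrite (no PAC): %016llx auth=%d\n", (unsigned long long)raw, pac_auth_ok(DEMO_KEY, raw, DEMO_CTX));
    printf("architectural guessing: %d (a wrong guess is a crash)\n", brute_force_architectural(DEMO_KEY, DEMO_TARGET, DEMO_CTX));
    printf("PACMAN forged pointer : %016llx auth=%d after %u guesses\n", (unsigned long long)forged, pac_auth_ok(DEMO_KEY, forged, DEMO_CTX), n);
    return 0;
}
```

Build with `cc -std=c11 -Wall pacman_model.c` and run it. The point the model makes is the one in the text: the overflow on its own lands a pointer with no valid PAC, which `pac_auth_ok` rejects; guessing PACs architecturally is hopeless because the first wrong guess faults; with an oracle that reports the verification result without faulting, the loop simply walks through at most 2^PAC_BITS candidates and ends with a pointer the CPU accepts, at which point the original bug can be exploited as if PA were absent.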

The researchers say the PACMAN attack works across privilege levels, "implying the feasibility of attacking a PA-enabled operating system kernel."

The researchers propose three ways to protect against PACMAN attacks. One is to modify the hardware or software so that PAC verification results cannot be consumed during speculative execution; the researchers warn that this approach could carry a significant performance penalty. Another is to adapt previously developed Spectre mitigation techniques to PACMAN. Finally, patching the memory corruption vulnerabilities that PACMAN depends on would also prevent the attacks, since the technique adds nothing without such a bug.

(Image credit: MIT CSAIL)

The report also documents the team's reverse-engineering of the Apple M1 processors' memory hierarchy, which in turn reveals many previously undisclosed details of the chip's architecture.

The MIT team was partly funded by the National Science Foundation (NSF) and the Air Force Office of Scientific Research (AFOSR). The MIT CSAIL team will present its paper, "PACMAN: Attacking ARM Pointer Authentication with Speculative Execution", at the International Symposium on Computer Architecture on June 18, outlining its new attack methodology.

We're still working on learning more details about the attack, such as the data exfiltration rate, whether or not the details have been shared with Arm and Apple, and if a Common Vulnerabilities and Exposures (CVE) number has been assigned. We'll update this article as we learn more.