Security Experts:

Academics Devise New Speculative Execution Attack Against Apple M1 Chips

A group of academic researchers has devised a new hardware attack that bypasses pointer authentication protections on Apple’s M1 processor.

Pointer authentication (PA) is a mechanism to prevent the modification of pointers in memory using a cryptographic hash, or pointer authentication code (PAC). With the integrity of a pointer verified against the PAC, a crash is triggered if the values do not match.

First introduced by ARM in 2017 and adopted by Apple in 2018, pointer authentication basically requires the attacker to guess the PAC of a pointer after modification to prevent triggering a crash when modifying code in memory.

Dubbed PACMAN, a new attack technique devised by a group of researchers at the Massachusetts Institute of Technology’s (MIT) Computer Science and Artificial Intelligence Laboratory (CSAIL) uses micro-architectural side-channels to leak PAC verification results and bypass PA without triggering a crash.

“[W]e propose the PACMAN attack, which extends speculative execution attacks to bypass Pointer Authentication by constructing a PAC oracle. Given a pointer in a victim execution context, a PAC oracle can be used to precisely distinguish between a correct PAC and an incorrect one without causing any crashes,” the researchers note in a paper.

Essentially, PACMAN relies on guessing the PAC by trying multiple possible values, and uses a pointer verification operation and a micro-architectural side channel to transmit the verification result.

“If a correct PAC is guessed, the transmission operation will speculatively access a valid pointer, resulting in observable micro-architectural side effects. Otherwise, the transmission step will cause a speculative exception due to accessing an invalid pointer,” the researchers say.

Because both operations are executed on a mis-speculated path, the operations won’t trigger “architecture-visible events,” such as crashes.

The attack was performed on Apple’s M1 processor, but the researchers believe that it may be applicable to future ARM processors as well. They also note that the attack impacts all processors that rely on PA, which is currently being adopted by numerous chip makers.

“Since our attack breaks Pointer Authentication, our work calls for re-evaluating the security properties of those extended designs under a broader threat model involving speculative execution attacks,” the academics note.

The researchers also provide multiple proof-of-concept (PoC) demonstrations, including one that targets the operating system’s kernel and which could essentially compromise the entire system. Furthermore, the academics explain that they performed all of their experiments over the network.

The exploited vulnerabilities are at the hardware level and the researchers note that they cannot be addressed with software features. However, they also note that the PACMAN attack on itself cannot compromise a system, as it requires a software bug – such as a memory read/write – to bypass PA.

Apple was informed of the new attack technique last year. SecurityWeek has emailed the tech giant for a comment on PACMAN but has yet to receive a reply.

UPDATE: Apple has provided the following statement:

“We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques. Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own.”

Related: Academics Devise Side-Channel Attack Targeting Multi-GPU Systems

Related: Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs

Related: Researchers Show First Side-Channel Attack Against Apple M1 Chips

view counter