Attack “PACMAN” can cross the last defense of the M1 chip.

Recently, MIT researchers discovered a weakness baked into the hardware of Apple Silicon chips. In short, an attacker who exploits it can get deep into the chip, but it is not cause for alarm for every Mac user either.

“PACMAN” the aggressor of the M1 chips

The team behind this research and the resulting discovery was the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL). The weakness stems from Apple's own design: by exploiting the pointer authentication built into the M1 chip, an attacker can mount a very specific attack that has already been dubbed “PACMAN.”


If you are not familiar with it, pointer authentication is a mechanism used in Apple Silicon. Its purpose is to prevent pointers in the chip's memory from being modified, which makes an attacker's job much harder. When an attack does reach memory, this mechanism kicks in and prevents the CPU from being compromised.
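
To make the mechanism concrete, here is an added example (not code from the article or from Apple) that models pointer authentication in Python: a keyed MAC over the pointer and a context value is stored in the otherwise unused upper bits of a 64-bit pointer and checked before the pointer is used, so a pointer that has been modified in memory fails the check. The 48-bit address width, the 16-bit PAC size, the use of HMAC-SHA256 in place of the hardware cipher, and the key and address values are all assumptions chosen for the demonstration.

```python
"""Toy model of ARM pointer authentication (PAC).

Constructed educational example: a keyed MAC over (pointer, context) is stored
in the unused upper bits of a 64-bit pointer and verified before use.  Apple's
real implementation (hardware-held keys, dedicated sign/authenticate
instructions, a block-cipher-based MAC) is not reproduced here; HMAC-SHA256
stands in for the hardware primitive.
"""
import hashlib
import hmac

ADDR_BITS = 48                     # assumption: 48-bit virtual addresses
PAC_BITS = 16                      # assumption: PAC occupies bits 48..63
ADDR_MASK = (1 << ADDR_BITS) - 1
PAC_MASK = (1 << PAC_BITS) - 1


def compute_pac(address: int, context: int, key: bytes) -> int:
    """Keyed MAC of (address, context), truncated to PAC_BITS bits."""
    msg = (address & ADDR_MASK).to_bytes(8, "little")
    msg += (context & 0xFFFF_FFFF_FFFF_FFFF).to_bytes(8, "little")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "little") & PAC_MASK


def sign_pointer(address: int, context: int, key: bytes) -> int:
    """Model of a 'sign' instruction: embed the PAC in the upper bits."""
    if address & ~ADDR_MASK:
        raise ValueError("upper bits must be free to hold the PAC")
    return address | (compute_pac(address, context, key) << ADDR_BITS)


def authenticate_pointer(signed: int, context: int, key: bytes):
    """Model of an 'authenticate' instruction.

    Strips the PAC and recomputes it; returns the usable address on success,
    or None when the stored PAC does not match (the CPU would fault instead).
    """
    address = signed & ADDR_MASK
    stored = (signed >> ADDR_BITS) & PAC_MASK
    expected = compute_pac(address, context, key)
    if not hmac.compare_digest(stored.to_bytes(2, "little"),
                               expected.to_bytes(2, "little")):
        return None
    return address


def count_accepted_tampers(signed: int, context: int, key: bytes, flips: int) -> int:
    """Flip each of the low `flips` address bits in turn, as a memory
    corruption of the stored pointer would, and count how many of the
    tampered pointers still pass authentication (expected: none)."""
    accepted = 0
    for bit in range(flips):
        if authenticate_pointer(signed ^ (1 << bit), context, key) is not None:
            accepted += 1
    return accepted


def demo() -> dict:
    key = b"constructed-demo-key"            # constructed; real keys live in CPU registers
    ret_addr = 0x0000_0001_0000_4000         # constructed return address
    stack_ctx = 0x0000_7FF0_0000_1000        # constructed context (e.g. stack pointer)
    signed = sign_pointer(ret_addr, stack_ctx, key)
    return {
        "signed_pointer": hex(signed),
        "round_trip_ok": authenticate_pointer(signed, stack_ctx, key) == ret_addr,
        "accepted_tampers": count_accepted_tampers(signed, stack_ctx, key, 8),
        "wrong_context_accepted": authenticate_pointer(signed, stack_ctx + 16, key) is not None,
        "pac_values": 1 << PAC_BITS,         # how many distinct PACs a forged pointer could carry
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the untouched pointer authenticating, every bit-flipped copy being rejected, and a mismatched context also failing. The `pac_values` entry is the point the article is making: a 16-bit PAC leaves only 65,536 possible values, so the protection depends on an attacker having no way to learn which one is correct, which is exactly what a hardware side channel would undermine.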

“The concept of the authentication security mechanism is based on being the last line of defense in case everything has failed. It is the most reliable lock on the chip, ensuring that attackers cannot completely take over the system.” These were the words of Joseph Ravichandran, who co-wrote the paper.


The design of the M1 chip was, and still is, significant, since it was the first to integrate this mechanism. However, with MIT's new discovery, a method has been found that successfully bypasses pointer authentication.

The problem is that attackers may manage to correctly work out the mechanism's values and thereby disable it. The MIT team adds that attackers can adapt the attack so that it gains even more leverage when cracking the mechanism's code.


The newly named PACMAN attack builds on similar attacks such as Spectre and Meltdown. Those attacks, in their day, also relied on the chip's side channels to get their chance. Because this “bug” lies in the structure of the hardware rather than in software, it cannot be fixed with a patch or update.

On the other hand, the PACMAN attack is not unstoppable, nor does it defeat every security mechanism an Apple device has. It does, however, seriously weaken them and gives other kinds of exploits the chance to hit your Mac even harder.


Users at risk and defense methods

Although PACMAN is a vulnerability that takes advantage of flaws in the structure of the M1 chip, it is not unstoppable, according to the researchers. It can, however, get past pointer authentication entirely and open the way to a serious compromise.

Above all, to identify the users at risk: the PACMAN attack can only take place if the attacker has had physical access to your Mac. That rules out most ordinary users from an attack of this magnitude.

So far it has been found that the attack can also overcome the barriers of ARM-based chips other than those made by Apple. PACMAN is really the existence of a physical flaw in the authentication mechanism found on ARM chips. This reiterates the point about the low likelihood of it actually affecting an average user's Mac.


Joseph Ravichandran also writes about the approach designers should take, since in future builds users could be exposed to CPU attacks more and more easily. The whole team responsible must be very careful and not rely solely on the pointer mechanism if they want to protect the software completely.