The M1 vulnerability is based on a flaw in the hardware that cannot be fixed with an update.
The Apple M1 chip has been an extremely successful launch for the Cupertino technology giant, but new research from MIT claims that the chip powering everything from the Apple MacBook Pro to the new iPad Air has a major security flaw that, by its nature, cannot be fixed with a security update.
The flaw was described in a recent paper by researchers at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL). Their attack targets a mechanism called pointer authentication code (PAC).
In essence, PAC works by checking cryptographic signatures to confirm that a program’s code has not been maliciously altered.
PACMAN, the exploit the MIT researchers devised, relies on a mix of hardware and software to test whether a signature will be accepted. Because there are only a few possible signatures to choose from, PACMAN can try them and determine which one is valid, then hand that signature to an additional software exploit that uses it to bypass this last line of defense inside the M1 chip.
The researchers tested the attack against the kernel, the core of every operating system, and found that it gave them kernel-level access, which would hand an attacker complete control of a system.
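To make the mechanism concrete, here is an added toy model of pointer authentication written for this article; it is not code from the MIT paper or from Apple. It assumes 48-bit virtual addresses, a 16-bit PAC stored in the top bits of a 64-bit pointer, and HMAC-SHA256 standing in for the CPU’s keyed PAC function (real ARM hardware uses a different cipher, and the PAC width depends on the address-space configuration). The sample pointer and context values are constructed. It shows how a signature is bound to both a pointer and a context, how a tampered or replayed pointer is rejected, and why the signature space is small (2^16 values here), which is the property PACMAN’s guessing relies on. The defensive point is that a failed check is supposed to fault the process, so guessing only becomes practical when an attacker has a side channel that reveals whether a guess was right without triggering that fault.

```python
"""Toy model of pointer authentication (PAC), added as a teaching aid.

Assumptions (not taken from the article or the paper): 48-bit virtual
addresses, a 16-bit PAC stored in the otherwise-unused top bits of a
64-bit pointer, and HMAC-SHA256 standing in for the CPU's keyed PAC
function. Real hardware uses a different cipher, and the PAC width is
derived from the address-space configuration.
"""
import hashlib
import hmac
import secrets

VA_BITS = 48                      # assumed: bits that carry the address
PAC_BITS = 16                     # assumed: bits that carry the signature
PAC_SHIFT = 64 - PAC_BITS         # the PAC occupies bits 48..63
VA_MASK = (1 << VA_BITS) - 1
PAC_MASK = (1 << PAC_BITS) - 1


class PacAuthError(Exception):
    """A signed pointer failed authentication (models the CPU fault)."""


def pac_space_size() -> int:
    """How many distinct signatures a pointer can carry: 2**PAC_BITS.

    This is the 'only a few possible signatures' the article refers to;
    it is what makes a guessing attack conceivable, provided the
    attacker has a way to test guesses that does not crash the process.
    """
    return 1 << PAC_BITS


def compute_pac(key: bytes, ptr: int, context: int) -> int:
    """Keyed signature over (pointer, context), truncated to PAC_BITS.

    `context` models the modifier (for example a stack pointer or a type
    hash) that binds a signature to one use site, so a pointer valid in
    one place cannot simply be replayed elsewhere.
    """
    if ptr & ~VA_MASK:
        raise ValueError("pointer already has data in its PAC bits")
    msg = ptr.to_bytes(8, "little") + context.to_bytes(8, "little")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "little") & PAC_MASK


def sign_pointer(key: bytes, ptr: int, context: int) -> int:
    """Return `ptr` with its PAC placed in the top bits (like ARM's PACIA)."""
    return (compute_pac(key, ptr, context) << PAC_SHIFT) | ptr


def strip_pac(signed: int) -> int:
    """Drop the PAC bits without checking them (like ARM's XPACI)."""
    return signed & VA_MASK


def authenticate_pointer(key: bytes, signed: int, context: int) -> int:
    """Check the PAC and return the bare pointer (like ARM's AUTIA).

    On hardware a mismatch yields a pointer that faults when used; here
    it raises, which is the behaviour the defense depends on.
    """
    ptr = strip_pac(signed)
    if (signed >> PAC_SHIFT) != compute_pac(key, ptr, context):
        raise PacAuthError(f"bad PAC on pointer {ptr:#x}")
    return ptr


def verify_pointer(key: bytes, signed: int, context: int) -> bool:
    """Boolean form of authenticate_pointer, convenient for checks."""
    try:
        authenticate_pointer(key, signed, context)
        return True
    except PacAuthError:
        return False


if __name__ == "__main__":
    key = secrets.token_bytes(16)          # per-process key, held by the CPU
    ret_addr = 0x7FFF_1234_5678            # constructed sample return address
    ctx = 0x7FFF_FFFF_E000                 # constructed sample stack pointer

    signed = sign_pointer(key, ret_addr, ctx)
    print(f"signed pointer      : {signed:#018x}")
    print(f"authenticated target: {authenticate_pointer(key, signed, ctx):#x}")

    # Overwriting the target (as a memory-corruption bug would) breaks the PAC.
    redirected = (signed & ~VA_MASK) | (ret_addr ^ 0x40)
    print(f"redirected pointer ok? {verify_pointer(key, redirected, ctx)}")
    # Replaying the same signed pointer in a different context also fails.
    print(f"wrong-context ok?      {verify_pointer(key, signed, ctx + 0x10)}")
    print(f"possible PAC values  : {pac_space_size()}")
```

Running the script prints a signed pointer, shows that a redirected or replayed pointer is rejected, and reports the 65536 possible PAC values. The key is generated fresh on each run because, as on real hardware, it is never meant to be readable by the program whose pointers it protects.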
“The concept of pointer authentication is that when all other options have failed, it is still possible to trust it to keep attackers from taking over systems. We’ve discovered that the use of pointer authentication as a final resort of defense may not be as secure as we thought it was,” stated MIT CSAIL Ph.D. student Joseph Ravichandran, a co-lead author of the paper describing the flaw. The paper will be presented at the International Symposium on Computer Architecture on the 18th of June.
“When the pointer-based authentication system was first introduced, a broad category of bugs was made much more difficult to use in an attack. With PACMAN making these vulnerabilities more severe, the total attack area could become significantly greater,” Ravichandran added.
In addition, because the researchers used a microarchitectural exploit to circumvent the PAC security measure, there is no way to “patch” the vulnerability: it is wired into the chip itself. The exploit can only be used in conjunction with another software exploit; it cannot do anything on its own.
Analysis: This isn’t good, but how bad is it?
Although this could be a serious issue, it doesn’t mean every user’s newly released MacBook Air is open to any cyber-gang looking to steal their bitcoin.
The hardware exploit the researchers used here is similar to the Spectre and Meltdown vulnerabilities found in some Intel chips. Those were real issues, but they did not spell the end of all computer systems.
The reality is that most people aren’t worth a cybercriminal’s time. Why bother with your laptop when someone else can lock up an oil pipeline and extort millions of dollars?
On top of that, the PAC attack targets the final line of defense of M1 chips (and not only M1-based chips, but any ARM-based processor that uses the PAC protection measure, which means certain Qualcomm and Samsung chips are affected too).
“We wish to express our gratitude to the researchers for their cooperation, since this proof of principle helps us understand these methods,” an Apple spokesperson told TechRadar.
“Based on our research and the information we received from the researchers, we’ve concluded that this issue doesn’t pose any immediate danger to our users and is not sufficient to override the security measures of operating systems by itself.”
This doesn’t mean an exploit isn’t possible; it does mean, however, that the exploit must first get past every other security feature in the system, and Apple’s are fairly robust.
So while we’re confident that Apple will address this issue in future chips, M1 users don’t necessarily need to worry about this vulnerability, particularly if they follow other security precautions.