The “PACMAN” attack can bypass the last line of defense of the M1 chip


Researchers at MIT recently discovered a weakness in Apple Silicon chips that cannot be fixed in software. If exploited, it lets an attacker defeat a hardware protection deep inside the chip, although it is not cause for alarm for most Mac users.

“PACMAN”, the attack on the M1 chip

The team behind the investigation and the discovery is the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL). The weakness lies in a defense that Apple itself built into the chip: the pointer authentication in the M1 gives an attacker the target for a highly specific attack, which the researchers have named “PACMAN”.

If you are not familiar with pointer authentication: it is a mechanism used by Apple Silicon whose goal is to prevent pointers in memory from being modified without detection, which makes an attacker's job much harder. Each protected pointer carries a short cryptographic signature (a pointer authentication code, or PAC) stored in the unused upper bits of the pointer. If an attack tampers with such a pointer in memory, the signature no longer matches when the pointer is used, the check fails, and the corrupted pointer cannot be used to take control of the CPU.

The idea behind this security mechanism is that it is the last line of defense when everything else has failed: the most reliable insurance on the chip, ensuring that attackers cannot take complete control of the system. That is how Joseph Ravichandran, a co-author of the paper, describes it.

The design of the M1 chip was, and remains, important because it was the first desktop chip to integrate this mechanism. With MIT's discovery, however, a method has been found that successfully bypasses pointer authentication.

The problem is that an attacker can correctly guess the signature values the mechanism relies on, and with a valid signature in hand the protection is effectively disabled. The researchers believe the attack could be adapted to make recovering those values even more effective.

The newly named PACMAN attack builds on similar attacks such as Spectre and Meltdown, which likewise relied on side channels in the chip to get their chance. Speculative execution lets the attacker test a guessed signature without the failed check ever causing a crash: the chip's microarchitectural state reveals whether the guess was right. Because this flaw comes from the hardware design and not from software, it cannot be fixed by a patch or an update.
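To make the mechanism from the preceding paragraphs concrete, here is an added model of pointer authentication and of the PACMAN guessing loop. It is illustration code written for this article, not code from the MIT researchers or from Apple. Everything in it is an assumption for the sake of the example: a 16-bit PAC stored at bit 48 of the pointer, a toy keyed hash in place of the real QARMA cipher, a fixed key in place of the secret key hardware holds, and a `speculative_oracle()` function that simply reports the verification result, standing in for the side channel the real attack uses to observe it without a crash. What the example shows is why the side channel matters: with the check done architecturally, every wrong guess yields a poisoned pointer that faults, whereas with an oracle that answers silently, a 16-bit PAC falls in at most 65536 guesses.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for this example: 16 PAC bits in the unused upper bits of a
 * 64-bit pointer, starting at bit 48. Real widths depend on the address size. */
#define PAC_BITS  16
#define PAC_SHIFT 48
#define PAC_MASK  ((((uint64_t)1) << PAC_BITS) - 1)
#define PAC_FIELD (PAC_MASK << PAC_SHIFT)

/* Stands in for the PAC key that hardware keeps and software cannot read. */
static const uint64_t PAC_KEY = 0x9e3779b97f4a7c15ull;

/* Toy keyed hash over (address bits, modifier). Assumption: this is NOT the
 * QARMA cipher real hardware uses; it only needs to be keyed and deterministic. */
static uint64_t toy_mac(uint64_t ptr, uint64_t modifier, uint64_t key) {
    uint64_t h = key ^ 0xcbf29ce484222325ull;
    uint64_t in[2] = { ptr & ~PAC_FIELD, modifier };
    for (int w = 0; w < 2; w++)
        for (int i = 0; i < 8; i++) {
            h ^= (in[w] >> (8 * i)) & 0xff;
            h *= 0x100000001b3ull;
        }
    h ^= h >> 29; h *= 0xbf58476d1ce4e5b9ull; h ^= h >> 32;
    return h & PAC_MASK;
}

/* Model of a PAC* instruction: stamp the signature into the upper bits. */
uint64_t pac_sign(uint64_t ptr, uint64_t modifier) {
    return (ptr & ~PAC_FIELD) | (toy_mac(ptr, modifier, PAC_KEY) << PAC_SHIFT);
}

/* Model of an AUT* instruction: on success strip the PAC and return true; on
 * failure return a poisoned pointer (error bit 63 set here) so that any later
 * dereference faults. That fault is what makes naive brute force impossible. */
bool pac_auth(uint64_t signed_ptr, uint64_t modifier, uint64_t *out) {
    uint64_t expected = toy_mac(signed_ptr, modifier, PAC_KEY);
    uint64_t stored   = (signed_ptr >> PAC_SHIFT) & PAC_MASK;
    if (stored == expected) {
        *out = signed_ptr & ~PAC_FIELD;
        return true;
    }
    *out = (signed_ptr & ~PAC_FIELD) | ((uint64_t)1 << 63);
    return false;
}

/* Architectural path: using an authenticated pointer either works or crashes. */
bool deref_would_fault(uint64_t authed_ptr) {
    return (authed_ptr >> 63) != 0;
}

/* PACMAN oracle model. In the real attack the AUT* runs only speculatively and
 * its outcome is read back through a microarchitectural side channel, so a wrong
 * guess leaves no crash behind. Here the oracle just reports the result; the
 * side channel itself is the assumption, the guessing logic is not. */
bool speculative_oracle(uint64_t guess, uint64_t modifier) {
    uint64_t unused;
    return pac_auth(guess, modifier, &unused);
}

/* Forge a valid signature for an attacker-chosen pointer by enumerating every
 * PAC value and asking the oracle. At most 2^PAC_BITS queries are needed. */
uint64_t pacman_forge(uint64_t ptr, uint64_t modifier, unsigned *tries) {
    *tries = 0;
    for (uint64_t g = 0; g <= PAC_MASK; g++) {
        uint64_t guess = (ptr & ~PAC_FIELD) | (g << PAC_SHIFT);
        (*tries)++;
        if (speculative_oracle(guess, modifier))
            return guess;
    }
    return 0; /* not reached: exactly one PAC value verifies for a given pointer */
}

int main(void) {
    uint64_t target = 0x0000000100004567ull; /* hypothetical code address */
    uint64_t modifier = 0x42;                /* hypothetical context value */
    uint64_t authed;

    /* Legitimate use: sign, then authenticate. */
    uint64_t legit = pac_sign(target, modifier);
    pac_auth(legit, modifier, &authed);
    printf("signed 0x%016" PRIx64 " -> auth ok, faults=%d\n", legit, deref_would_fault(authed));

    /* Attacker overwrites the pointer without a valid PAC: dereference faults. */
    pac_auth(target | ((uint64_t)0x1234 << PAC_SHIFT), modifier, &authed);
    printf("forged PAC without oracle: faults=%d\n", deref_would_fault(authed));

    /* PACMAN: recover the PAC through the oracle, never triggering the fault. */
    unsigned tries;
    uint64_t forged = pacman_forge(target, modifier, &tries);
    printf("oracle-guided forge 0x%016" PRIx64 " after %u tries (max %" PRIu64 ")\n",
           forged, tries, PAC_MASK + 1);
    return 0;
}
```

The forged pointer equals what `pac_sign()` would have produced, which is the whole point: once the attacker knows the correct PAC for the address they want, the existing memory-corruption bug can write that signed value and the authentication check passes. The defense side of the picture is the fault: without an oracle, the same loop would crash the victim on its first wrong guess, and on a real system a fresh key after each restart would reset the search.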

On the other hand, the PACMAN attack is not unstoppable, nor does it defeat every security mechanism an Apple device has. It does, however, seriously weaken one of them and lets other exploits become far more powerful against your Mac.

Users at risk and methods of defense


Although PACMAN takes good advantage of a flaw in the design of the M1 chip, it is not unstoppable, according to the researchers, even though it can get past pointer authentication entirely and let a memory-corruption exploit proceed that the mechanism would otherwise have stopped.

Above all, as to which users are in danger: PACMAN is an exploitation technique, not a complete attack on its own. The attacker must already be able to run code on the Mac and must already have a memory-corruption bug in the target to exploit; PACMAN only removes the pointer-authentication obstacle in the way of that bug. As long as the software is kept up to date, this rules out most average users from an attack of this magnitude.

The mechanism under attack is defined by the ARM architecture, so hardware from vendors other than Apple that implements pointer authentication could in principle be affected, although the researchers demonstrated the attack only on the M1. PACMAN is, in effect, a weakness in how the hardware implements an ARM feature rather than a flaw in Apple software, which again underlines the low chances of this really affecting the average user's Mac.

Joseph Ravichandran also writes about the approach designers should take. In future builds, users could be exposed ever more easily to a CPU attack, so every team involved must be very careful not to rely on the pointer mechanism alone if they want to protect the software completely.