The Apple M1 is fast and extremely power efficient, but like all processors, it's not bulletproof. Researchers from the Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory (CSAIL) have discovered a new hardware vulnerability in Apple's M1 series chips, which their new PACMAN technique exploits to steal data.
The chip is protected by several layers of security, the last of which is called PAC. Pointer Authentication is a security feature that helps protect the processor from an intruder who has gained access to memory. Pointers store memory addresses, and the Pointer Authentication Code (PAC) is used to detect unexpected pointer changes caused by an attack.
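A simplified software model of the sign-then-authenticate check described above, added here as an illustration and not taken from the researchers or from Apple. The 48-bit address with a 16-bit PAC layout, the mixing function standing in for the hardware cipher, and all names and sample values are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for this model: 48-bit virtual address, 16-bit PAC on top. */
#define VA_BITS 48
#define VA_MASK ((UINT64_C(1) << VA_BITS) - 1)

/* Stand-in keyed mixer (splitmix64-style). Real hardware uses a dedicated
   cipher; this function is NOT cryptographically secure. */
static uint64_t mix(uint64_t x) {
    x ^= x >> 30; x *= UINT64_C(0xbf58476d1ce4e5b9);
    x ^= x >> 27; x *= UINT64_C(0x94d049bb133111eb);
    return x ^ (x >> 31);
}

/* PAC = truncated keyed hash over (address, context modifier). */
static uint16_t compute_pac(uint64_t addr, uint64_t ctx, uint64_t key) {
    return (uint16_t)(mix(mix(addr ^ key) ^ ctx) >> 48);
}

/* Sign: store the PAC in the otherwise unused upper bits of the pointer. */
uint64_t pac_sign(uint64_t ptr, uint64_t ctx, uint64_t key) {
    uint64_t addr = ptr & VA_MASK;
    return addr | ((uint64_t)compute_pac(addr, ctx, key) << VA_BITS);
}

/* Authenticate: on success return the plain address and set *ok = 1.
   On failure return a poisoned pointer with non-zero upper bits, which in
   this model stands for an invalid address that faults when used. */
uint64_t pac_auth(uint64_t signed_ptr, uint64_t ctx, uint64_t key, int *ok) {
    uint64_t addr = signed_ptr & VA_MASK;
    uint16_t got = (uint16_t)(signed_ptr >> VA_BITS);
    *ok = (got == compute_pac(addr, ctx, key));
    return *ok ? addr : (addr | (UINT64_C(0x2000) << VA_BITS));
}

int main(void) {
    /* Constructed sample values: key, context modifier, pointer. */
    uint64_t key = UINT64_C(0x0123456789abcdef), ctx = UINT64_C(0x7ffdf000);
    uint64_t ptr = UINT64_C(0x0000000100003f20);
    int ok;
    uint64_t s = pac_sign(ptr, ctx, key);
    printf("signed   : %016llx\n", (unsigned long long)s);
    pac_auth(s, ctx, key, &ok);
    printf("untouched: %s\n", ok ? "authenticated" : "rejected");
    pac_auth(s ^ (UINT64_C(1) << 50), ctx, key, &ok);  /* PAC bit changed */
    printf("modified : %s\n", ok ? "authenticated" : "rejected");
    return 0;
}
```
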
PACMAN is an attack that can find the correct PAC value for a pointer, so that the pointer authenticates successfully and the attacker can continue gaining access to the computer.
The researchers claim that the attack potentially allows access to the operating system's core kernel, which gives attackers complete control over the system through a combination of software and hardware attacks.
According to the researchers, the exploit does not require physical access to the machine, so the vulnerability can be exploited remotely. It is claimed that the M1 hardware vulnerabilities cannot be fixed by software, so the vulnerability affects all existing and future devices based on the M1 chip and other ARM architectures.
"Any chip that uses speculative execution to evaluate and operate on signed pointer authentication pointers (and willingly handle nested mispredictions) could potentially be vulnerable to PACMAN," said Joseph Ravichandran, a researcher on the MIT team. This means it may affect chips from other Arm manufacturers that support pointer authentication, such as Qualcomm and Samsung, but these chips have not yet been tested.