Novel PACMAN Side-Channel Attack Can Defeat Apple's M1 Chip Defense Against Vulnerabilities
IT service provider of two German energy companies paralyzed by 'hacker attack,' Election equipment in Georgia county may have been compromised, 70+ Indian websites defaced, much more
Metacurity is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
Researchers from MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) developed a novel side-channel attack called PACMAN that can defeat a feature in Apple’s powerful M1 chip known as pointer authentication, which acts as a last line of defense against typical software vulnerabilities.
The attack demonstrates that pointer authentication can be defeated without leaving a trace. Moreover, PACMAN utilizes a hardware mechanism, so no software patch can ever fix it. The team showed that it's possible to guess a value for the pointer authentication code (PAC) and reveal whether the guess was correct or not via a hardware side channel. Because there are only so many possible values for the PAC, they found that it's possible to try them all to find the correct one.
However, PACMAN can only take an existing bug …
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.