MIT cracks Apple's M1 chip

MIT security researchers used the PACMAN M1 chip attack to successfully defeat the "last line of security" on Apple Silicon.

When designing the M1 chip, Apple created different layers of security, each designed to stop attackers who have successfully infiltrated the previous layer. The final layer of the M1 is a security feature called PAC that helps protect the CPU from attackers who have gained access to memory.

However, a team from the Massachusetts Institute of Technology (MIT) managed to beat PAC with hardware they called PACMAN. The work comes from researchers at the Computer Science and Artificial Intelligence Laboratory (CSAIL).

CSAIL found that the PAC security function could be broken through a hardware attack it developed, and PACMAN could find the correct value to successfully pass the PAC's pointer authentication. And since the PACMAN attack involves hardware devices, a software patch won't fix the problem.

The team says the vulnerability exists in other ARM chips as well, not just the M1, but it hasn't had a chance to try it against the M2 yet.

At present, the research team has notified Apple of the problem and will disclose more details at the International Symposium on Computer Architecture on June 18. Apple has yet to comment.

PACMAN is the third vulnerability found in the M1 chip. Last May, security researcher Hector Martin discovered a vulnerability called M1RACLES that allowed two applications to secretly exchange data.

Last month, a multi-university team discovered a bug called Augury that could allow chips to leak static data, but the team has yet to demonstrate any viable exploits.
