Indian American Joseph Ravichandran Discovers Bug in Apple Chip
SAN FRANCISCO, CA (IANS) – Researchers at the Massachusetts Institute of Technology (MIT), including Indian American Joseph Ravichandran, have identified a new hardware vulnerability in Apple’s in-house silicon M1 chip that powers Macs.
The threat, dubbed ‘PACMAN’ by PhD student Ravichandran, enables attackers to defeat the mechanism the M1 chip relies on to catch attacks that exploit software bugs.
The M1 chip uses a feature called ‘Pointer Authentication’, which acts as a last line of defense against typical software vulnerabilities.
With ‘Pointer Authentication’ enabled, bugs that normally could compromise a system or leak private information are stopped dead in their tracks.
Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory found a crack in this defense: their novel hardware attack, called ‘PACMAN’, showed that ‘Pointer Authentication’ can be defeated without leaving a trace.
“The idea behind ‘Pointer Authentication’ is that if all else has failed, you still can rely on it to prevent attackers from gaining control of your system. We’ve shown that pointer authentication as a last line of defense isn’t as absolute as we once thought it was,” said Ravichandran, co-lead author of the MIT paper.
‘Pointer authentication’ is primarily used to protect the core operating system kernel, the most privileged part of the system.
An attacker who gains control of the kernel can do whatever they’d like on a device.
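To make concrete what ‘Pointer Authentication’ does and why it is described as a last line of defense, here is a small software model of the mechanism. It is an added illustration, not code from the MIT paper or from Apple: it signs a pointer with a short keyed MAC stored in the otherwise unused upper address bits, and refuses to use the pointer if that tag no longer matches. The key, the 16-bit tag width, the 48-bit address width and the sample pointer values are constructed assumptions; real Apple silicon uses dedicated instructions and a hardware cipher rather than HMAC.

```python
import hashlib
import hmac

PAC_BITS = 16            # assumed: upper address bits available to hold the tag
ADDR_BITS = 48           # assumed: width of the real virtual address
PAC_MASK = ((1 << PAC_BITS) - 1) << ADDR_BITS
PTR_MASK = (1 << ADDR_BITS) - 1

# Constructed demo key; in hardware the key lives in privileged registers
# and is never visible to the code being protected.
DEMO_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


class AuthFault(Exception):
    """Raised when a pointer's authentication code does not verify."""


def _pac(key: bytes, ptr: int, modifier: int) -> int:
    # Tag = truncated MAC over (pointer, modifier). The modifier binds the
    # tag to a context, e.g. the stack frame a return address belongs to.
    msg = ptr.to_bytes(8, "little") + modifier.to_bytes(8, "little")
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:2], "little") & ((1 << PAC_BITS) - 1)


def sign(key: bytes, ptr: int, modifier: int) -> int:
    """Embed the tag in the unused upper bits of a canonical pointer."""
    if ptr & PAC_MASK:
        raise ValueError("pointer already carries upper bits")
    return ptr | (_pac(key, ptr, modifier) << ADDR_BITS)


def authenticate(key: bytes, signed: int, modifier: int) -> int:
    """Strip and check the tag; a mismatch is a fault, not a usable pointer."""
    ptr = signed & PTR_MASK
    if (signed & PAC_MASK) >> ADDR_BITS != _pac(key, ptr, modifier):
        raise AuthFault(hex(signed))
    return ptr


def _fails(key: bytes, signed: int, modifier: int) -> bool:
    try:
        authenticate(key, signed, modifier)
    except AuthFault:
        return True
    return False


def demo() -> tuple:
    """Returns (valid_ok, overwrite_caught, context_reuse_caught)."""
    ret_addr = 0x00007FFF_DEADB000   # constructed return address
    frame = 0x00007FFF_FFFFE000      # constructed modifier (stack pointer)
    signed = sign(DEMO_KEY, ret_addr, frame)

    # 1. Legitimate use: the tag verifies and the original address comes back.
    valid_ok = authenticate(DEMO_KEY, signed, frame) == ret_addr

    # 2. A memory-corruption bug overwrites the low bits but cannot compute a
    #    fresh tag for them, so the stale tag no longer matches.
    overwritten = (signed & PAC_MASK) | 0x00007FFF_BEEF0000
    overwrite_caught = _fails(DEMO_KEY, overwritten, frame)

    # 3. Replaying a correctly signed pointer in another context fails too,
    #    because the modifier is part of the MAC input.
    context_reuse_caught = _fails(DEMO_KEY, signed, frame + 0x1000)

    return valid_ok, overwrite_caught, context_reuse_caught


if __name__ == "__main__":
    print(demo())
```

The model shows both why the mechanism is valuable and why it is only a last line: the tag has to fit in a handful of spare address bits, so its whole strength rests on the key staying secret and on every wrong guess producing a fault that the kernel can observe. The PACMAN result is about undermining that second assumption, which is why the paper advises developers not to rely on pointer authentication alone.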
“Future CPU designers should take care to consider this attack when building the secure systems of tomorrow,” Ravichandran said in the paper that was published late on June 10. “Developers should take care to not solely rely on pointer authentication to protect their software,” he added.
Apple has implemented ‘pointer authentication’ on all its custom ARM-based silicon so far, including the M1, M1 Pro and M1 Max.
“If not mitigated, our attack will affect the majority of mobile devices, and likely even desktop devices in the coming years,” MIT said in the research paper.
An Apple spokesperson told TechCrunch that the company wants to “thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques”.
“Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own,” the company’s spokesperson added.