ARM PACMAN Foto portada

Recently, the computer science and artificial intelligence laboratory of the MIT has discovered a vulnerability (PACMAN) that affects ARM processors. This security issue affects brands like Apple, MediaTek, Qualcomm, Samsung, and a long list of manufacturers.

For testing purposes at MIT, they used an Apple computer with an M1 processor, and they managed to steal all their data without any problem.

How could the data have been stolen using the PACMAN technique?

pacman arm attack photo 1

The PACMAN-like attack consists of guessing the values ​​of the authentication pointer codes (PAC) Pointer Authentication Codes for its acronyms in English. What these codes do is check the Software thanks to a series of encrypted keysthose stored in an unknown chip memory and accessible only by calling its address or pointer.

Similar to the vulnerability that affected processors with x86, Meltdown, and Spectre instructions, this attack allows you to take advantage of speculative execution processors to access the codes. In this case, the MIT researchers managed to defeat traceless pointer authentication.

So once the PAC codes have been obtained, the attacker has the key to decrypt all encrypted data passing through the chip. This is undoubtedly a blow for manufacturers who had planned to enter the world of servers with ARM processors. since with that the myth of the high reliability of ARM processors is demolished.

In this direction, PACMAN demolished the paradigm and the duality that exists in vulnerabilities. Since people normally associate the errors of Software like mistakes Softwareand the errors of Material like mistakes Material. Due to the above, MIT researchers wanted to see what could be achieved by combining the two worlds, i.e. taking a software security element and remixing it using hardware attacks. In fact, it’s basically the PACMAN technique.

Finally, we must specify that it doesn’t just affect a particular brand, as it’s a problem in the design of the ISA ARM architecture. Unfortunately no update Software can solve this problem. So it’s very likely that we’ll soon see a ton of updates for firmware to fix this vulnerability Material.

The big problem with all of this is that, much like what happened with Meltdown and Spectre, we will probably see a slight drop in performance processors.

What do you think of the vulnerability affecting ARM processors?

Source: MIT

#PACMAN #attack #challenges #security #ARM #CPUs

Leave a Reply

Your email address will not be published.