TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Coinbase Plans Expansion into Europe amid Market Downturn

    July 4, 2022

    Beijing silent over Xi Jinping’s brush with Covid-19 in Hong Kong

    July 4, 2022

    Babel Finance Hires Restructuring Specialist Houlihan Lokey: Sources

    July 4, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      An update broke my favorite game on Xbox, but there is a way to fix Apex Legends input lag

      July 3, 2022

      Now Android users on Twitter can pay to drop the Spaces button too

      July 3, 2022

      British Army’s YouTube and Twitter accounts were hacked to promote crypto scams

      July 3, 2022

      Tesla is facing yet another racial discrimination lawsuit

      July 3, 2022

      Apple Watch Series 8 will reportedly be able to detect if you have a fever

      July 3, 2022
    • Business
    • Cyber Security

      Tips to bolster cybersecurity, incident response this 4th of July weekend

      July 1, 2022

      Jon Raper named CISO at Costco

      July 1, 2022

      2022 RSAC takeaways: Risk management vs compliance

      July 1, 2022

      3 security lessons we haven’t learned from the Kaseya breach

      July 1, 2022

      Auston Davis named CISO at Versant Health

      June 30, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Malware»Researchers discover a new hardware vulnerability in the Apple M1 chip
    Malware

    Researchers discover a new hardware vulnerability in the Apple M1 chip

    June 13, 2022Updated:June 13, 2022No Comments5 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email

    William Shakespeare might have been talking about Apple’s recently released M1 chip via his prose in A Midnight Summer’s Dream: “And though she be but little, she is fierce.”

    Well, probably not, but it fits: Apple’s software runs on the little masterful squares made of in-house silicon, resulting in amazing performance with industry-leading power efficiency. Despite their potency, over the years there’s been no shortage of vulnerability grievances, as fears of sensitive data leaks and personal information abound. More recently, the celebrity-like chip itself was found to have a security flaw of its own, which was quickly deemed harmless.

    The M1 chip uses a feature called “Pointer Authentication,” which acts as a last line of defense against typical software vulnerabilities. With Pointer Authentication enabled, bugs that normally could compromise a system or leak private information are stopped dead in their tracks. Now, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory have found a crack: their novel hardware attack, called “PACMAN” shows that Pointer Authentication can be defeated without even leaving a trace. Moreover, PACMAN utilizes a hardware mechanism, so no software patch can ever fix it.

    A pointer authentication code, or “PAC” for short, is a signature that confirms that the state of the program hasn’t been changed maliciously. Enter the PACMAN attack. The team showed that it’s possible to “guess” a value for the PAC, and reveal whether the guess was correct or not via a hardware side channel. And since there are only so many possible values for the PAC, they found that it’s possible to try them all to find the correct one. Most importantly, since the guesses all happen under speculative execution, the attack leaves no trace.

    “The idea behind pointer authentication is that if all else has failed, you still can rely on it to prevent attackers from gaining control of your system. We’ve shown that pointer authentication as a last line of defense isn’t as absolute as we once thought it was,” says MIT CSAIL Ph.D. student Joseph Ravichandran, co-lead author of a new paper about PACMAN. “When pointer authentication was introduced, a whole category of bugs suddenly became a lot harder to use for attacks. With PACMAN making these bugs more serious, the overall attack surface could be a lot larger.”

    An attack with hardware and software

    Traditionally, hardware and software attacks have lived somewhat separate lives. People see their software bugs as software bugs and hardware bugs as hardware bugs. There’s this traditional world of architecturally visible software threats—think the malicious phishing attempts, malware, denial-of-service, and the like. On the hardware side, there’s the much-talked-about 2018 Spectre and Meltdown realm, where you’re manipulating microarchitectural structures to steal data from computers.

    The team wanted to see what combining the two might achieve—taking something from the software security world, and breaking a mitigation (a feature that’s designed to protect software), using hardware attacks. “That’s the heart of what PACMAN represents—a new way of thinking about how threat models converge in the Spectre era,” says Ravichandran.

    PACMAN isn’t a magic bypass for all security on the M1 chip. PACMAN can only take an existing bug that pointer authentication protects against, and unleash that bug’s true potential for use in an attack by finding the correct PAC. There’s no cause for immediate alarm, the scientists say, as PACMAN cannot compromise a system without an existing software bug.

    Pointer authentication is primarily used to protect the core operating system kernel, the most privileged part of the system. An attacker who gains control of the kernel can do whatever they’d like on a device. The team showed that the PACMAN attack even works against the kernel, which has “Massive implications for future security work on all ARM systems with pointer authentication enabled. Future CPU designers should take care to consider this attack when building the secure systems of tomorrow,” says Ravichandran. “Developers should take care to not solely rely on pointer authentication to protect their software.”

    “Software vulnerabilities have existed for roughly 30 years now. Researchers have come up with ways to mitigate them using various innovative techniques such as ARM pointer authentication, which we are attacking now. Our work provides insight into how software vulnerabilities that continue to exist as important mitigation methods can be bypassed via hardware attacks,” says MIT Professor and author Mengjia Yan. “It’s a new way to look at this very long-lasting security threat model. Many other mitigation mechanisms exist that are not well studied under this new compounding threat model, so we consider the PACMAN attack as a starting point. We hope PACMAN can inspire more work in this research direction in the community.”

    The team will present the paper at the International Symposium on Computer Architecture on June 18th. Ravichandran and Yan wrote the paper alongside first co-author Weon Taek Na, MIT CSAIL PhD student and Jay Lang, MIT undergraduate student.


    Provided by
    MIT Computer Science & Artificial Intelligence Lab

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Learning to combat DDOS attacks

    July 1, 2022 Malware

    Cyberattack disrupts unemployment benefits in some states

    June 30, 2022 Malware

    After Roe v Wade, here’s how women could adopt ‘spycraft’ to avoid tracking and prosecution

    June 30, 2022 Malware

    Cyberattack hits Norway, pro-Russian hacker group fingered

    June 29, 2022 Malware

    Post Roe, women in America are right to be concerned about digital surveillance. And it’s not just period-tracking apps

    June 28, 2022 Malware

    Cyberattack forces Iran steel company to halt production

    June 27, 2022 Malware
    Editors Picks

    Beijing silent over Xi Jinping’s brush with Covid-19 in Hong Kong

    July 4, 2022

    Babel Finance Hires Restructuring Specialist Houlihan Lokey: Sources

    July 4, 2022

    European stocks rise as traders weigh health of global economy

    July 4, 2022

    OpenSea Co-Founder Alex Atallah Sets to Leave Company by the End of July

    July 4, 2022
    Trending Now

    GBTC’s Discount to NAV Hits New Record Low after SEC Declining its Bitcoin Spot ETF Application

    By techbizweb

    Why Mexico is missing its chance to profit from US-China decoupling

    By techbizweb

    Meta to Shut Down Novi Crypto Wallet in September

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2022 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.