CPU vulnerabilities – and it does not matter if you are team Intel, team AMD or team Apple!

Two recent pieces of research point to serious issues with a lot of the silicon we use to power our computers, some of which may be irreparable.

The Apple M1 attack is called PACMAN, as it exploits the Pointer Authentication Code (PAC). This attack bypasses essential memory protection mechanisms.

The paper has been presented by Joseph Ravichandran, Weon Taek Na, Mengjia Yan and Jay Lang from the MIT Computer Science & Artificial Intelligence Laboratory.

PACMAN: Attacking ARM Pointer Authentication with Speculative Execution (pacmanattack.com)

Just to keep Apple company, researchers have found a way to exploit AMD and Intel x86 CPUs using side-channel techniques, which they have named Hertzbleed. This attack has been demonstrated to exfiltrate cryptographic keys from the CPUs.

Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86

Hertzbleed Attack

The paper is the result of a collaboration between the following researchers:

Yingchen Wang (University of Texas at Austin)
Riccardo Paccagnella (University of Illinois Urbana-Champaign)
Elizabeth Tang He (University of Illinois Urbana-Champaign)
Hovav Shacham (University of Texas at Austin)
Christopher Fletcher (University of Illinois Urbana-Champaign)
David Kohlbrenner (University of Illinois Urbana-Champaign)

Both of these are laboratory demonstrations of attacks and hardware vulnerabilities – not research on attacks in the wild. But watch this space!

Clive Catton MSc (Cyber Security) – by-line and other articles

References

Ravichandran, J., Na, W. T., Lang, J., & Yan, M. (2022, June). PACMAN: attacking ARM pointer authentication with speculative execution. In ISCA (pp. 685-698).

Wang, Y., Paccagnella, R., Tang He, E., Shacham, H., Fletcher, C., & Kohlbrenner, D. (2022, August). Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86. In 31st USENIX Security Symposium (Boston, 10–12 August 2022).
