If you have a device with an ARM processor and you are worried about security, then we have some bad news for you. And it is that the MIT artificial intelligence laboratory has discovered a vulnerability that affects processors with said set of registers and instructions. Which includes Apple, Qualcomm, and countless other chips used in mobile phones, tablets, televisions, and a host of consumer electronics. What is the PACMAN vulnerability and to what extent should we be concerned?
If you ask any fan of the Cupertino brand, they will come up with two arguments that are completely false: the first is that processors with ISA ARM are better than x86 because yes, with no more knowledge than to repeat the propaganda like a parrot from Apple. The second is that Macs are safe and have no security issues. However, the MIT computer science and artificial intelligence laboratory has not only managed to steal data, but also demonstrate it using an M1 processor from Cupertino, but it is a problem that affects not only the apple brand bite, but with many others.
What is the PACMAN attack and how does it affect ARM processors?
The PACMAN technique consists of guessing the value of the authentication pointer codes, Pointer Authentication Codes (PAC) . What these codes do is verify the software through a series of encrypted keys . Which are stored in a chip memory that is unknown and that is only accessed by calling its memory address or pointer. Well, as good out-of-order processors and as with x86 processors that have the same capacity, it is possible to take advantage of Meltdown and Specter-style speculative execution to access these codes.
Once the attacker has the value of the PACs, they already have the key to decrypt any encrypted information that is inside the chip. However, we must clarify that this is a design flaw in the way in which processors with said ISA access memory and not a specific brand. So it is not an Apple problem, but also Qualcomm, NVIDIA and ARM chips. So it is a blow to the plans of various manufacturers to enter the server market, which is the next frontier for this type of processor.
We have to start from the fact that in the ARM ecosystem there are many different manufacturers with different designs. The normal thing would be that the problem is solved with some patch or update of the processor, as happened with Specter and Meltdown in their day. Although this would be at the cost of losing performance in the process. At the moment it is too early to say anything.
