If you have a device with an ARM processor and you are worried about security, then we have some bad news for you. And it is that the MIT artificial intelligence laboratory has discovered a vulnerability that affects processors with said set of registers and instructions. Which includes Apple, Qualcomm and countless other chips used in mobile phones, tablets, televisions and countless other consumer electronics products. what is vulnerability PAC-MAN And to what extent should we care?
If you ask any fan of the Cupertino brand, they will come up with two arguments that are completely false: the first is that processors with ISA ARM are better than x86 because yes, with no more knowledge than to repeat the propaganda like a parrot from Apple. The second is that Macs are safe and have no security issues. However, the MIT computer science and artificial intelligence laboratory has not only managed to steal data, but also demonstrate it using an M1 processor from Cupertino, but it is a problem that affects not only the apple brand bite, but with many others.
What is the PACMAN attack and how does it affect ARM processors?
The PAC-MAN technique consists in guessing the value of the authentication pointer codes, Pointer Authentication Codes (PAC). What these codes do is vverify the software through a series of encrypted keys. Which are stored in a chip memory that is unknown and that is only accessed by calling its memory address or pointer. Well, as good processors out of order and as happens with x86 that have the same capacity, it is possible to take advantage of the speculative execution Meltdown and Specter style to access these codes.
Once the attacker has the value of the PACs, they already have the key to decrypt any encrypted information that is inside the chip. However, we must clarify that this is a design flaw in the way in which processors with said ISA access memory and not a specific brand. So it is not an Apple problem, but also Qualcomm, NVIDIA and ARM chips. So it is a blow to the plans of various manufacturers to enter the server market, which is the next frontier for this type of processor.
We have to start from the fact that in the ARM ecosystem there are many different manufacturers with different designs. The normal thing would be that the problem is solved with some patch or update of the processor, as happened with Specter and Meltdown in their day. Although this would be at the cost of losing performance in the process. At the moment it is too early to say anything.
