What’s more, since there are only so many possible values for the PAC, the researchers found that it's possible to try them all to find the right one.
This is done using speculative execution - a technique used by modern computer processors to speed up performance by speculatively guessing various lines of computation - to leak PAC verification results, while a hardware side-channel reveals whether or not the guess was correct. The attack, appropriately called “Pacman," works by “guessing” a pointer authentication code (PAC), a cryptographic signature that confirms that an app hasn’t been maliciously altered.
Litemanager security flaw Patch#
The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it.
Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature.
0 kommentar(er)
