With a success rate close to 100%, i researchers Cybersecurity experts managed to bypass the ARM architecture chips’ new defenses against memory corruption.
The discovered flaw can lead to numerous cyber attacks, including escalation of privilege, arbitrary code execution, leakage of sensitive data, or critical system damage.
New ARM architecture chips, why they are so “weak”
The well-known ARM architecture, a computer processor architecture with a small instruction set, dominates the mobile phone and tablet market, it powers many gadgets and is gaining more and more popularity in laptops and PCs.
However, researchers from Seoul National University and Samsung Research found that ARM may be vulnerable to memory corruption, since the feature that protects against such vulnerabilities could be easily bypassed.
There Memory Tagging Extension (MTE) is a hardware feature introduced in the ARM architecture to detect memory corruption vulnerabilities; MTE works by assigning unique tags to different memory regions and checking whether the tags match during memory access.
The researchers were able to unravel the MTE tags with a 95% success rate in less than 4 seconds, bypassing the MTE-based mitigations of the new ARM architecture chips.
“Attackers can bypass MTE’s probabilistic defense, increasing the attack success rate to nearly 100%.”we read in the document.
Data leak from “corrupted” ARM architecture? Apparently there’s no need to worry
This does not mean the direct leakage of sensitive data such as passwords or encryption keys. Attackers would exploit the exposed MTE tags to disable security measures and then implement a real attack using a memory compromise vulnerability, creating a more sophisticated attack to execute arbitrary code.
The researchers demonstrated two techniques, TIKTAG-v1 and TIKTAG-v2, to show how real-world attacks could occur against Chrome, the Linux kernel and Google Pixel 8.
The attack exploits speculative behaviors of the processor to expose sensitive information in a so-called speculative execution attack, similar to Spectre and Meltdown; tricking the processor into revealing secret information from memoryattackers can then attempt to manipulate memory by injecting malicious code.
“There are several challenges to launching real attacks using TIKTAG gadgets. First, TIKTAG gadgets must run in the target address space, requiring the attacker to build or find gadgets from the target system. Secondly, the attacker should check and observe the cache state to reveal the results of tag checking“the researchers said.
Android proponents were aware of some flaws in the ARM architecture
The Android security team recognized the issue as a Pixel 8 hardware flaw, decided to address it in Android’s MTE-based defense, and issued a reward for the report.
Although ARM admitted that the effectiveness of CPU protection could be hindered, the chip designer “does not consider the risk of oracles speculative activities would damage the value offered by Arm“.
![](https://tech.icrewplay.com/wp-content/uploads/2024/06/arm-processors-everything-you-need-to-kn-5f3c13efcf32557ee2e6463f-1-aug-21-2020-19-53-49-poster-1024x576.webp)
“Arm MTE allocation tags are not considered secret. Therefore, a mechanism that reveals the correct tag value is not a compromise of architectural principles“the company said in a document.
The researchers proposed measures to better protect the chips and said that MTE-based protections are still an attractive solution for mitigating memory corruption attacks.
How to protect yourself from a similar problem of chips with ARM architecture
If you fear for your “safety” and want to protect yourself from attacks that exploit vulnerabilities in chips with ARM architecture, It is important to adopt a series of multi-layered security measures and here are some recommendations:
Updates and Patches
- Software updates: Always keep your operating system and all applications updated. Manufacturers frequently release security patches to fix known vulnerabilities.
- Firmware updates: Install device firmware updates that may include specific fixes for hardware vulnerabilities.
Security configurations
- Use of MTE protections: Configure and use Memory Tagging Extension (MTE) protections if supported by your device. Despite the vulnerabilities, MTE provides an additional layer of security.
- Strict access controls: Implement strong access controls and use two-factor authentication (2FA) to limit unauthorized access to systems.
![](https://tech.icrewplay.com/wp-content/uploads/2024/06/arm_chip_hero_image-1024x729.jpeg)
Good information security practices
- Antivirus and Anti-Malware Software: Use reputable antivirus and anti-malware software and keep them updated to detect and prevent known attacks, for example Malwarebytes exists on Android and works very well.
- Security Monitoring: Constantly monitor your systems for suspicious activity and use intrusion detection solutions (IDS) to identify potential threats.
Training and awareness
- Cyber security education: Train yourself and your staff on cybersecurity best practices and about the risks associated with memory corruption and other speculative attacks.
- Security policy: Implement and enforce security policies that clearly define the procedures to follow in the event of an attack.
Advanced mitigations
- Virtualization and sandboxing: Uses virtualization and sandboxing techniques to isolate applications and processes, reducing the attack surface.
- Safe Compilers: Use compilers that support vulnerability mitigation techniques such as Control Flow Integrity (CFI) and Stack Canaries.
Collaboration with suppliers
- Communication with suppliers: Keep in touch with the vendors of your devices and software to stay informed about the latest vulnerabilities and available fixes.
- Bug Bounty Programs: If you are a developer or business, consider participating in bug bounty programs to identify and fix vulnerabilities in your products.
By implementing these measures, you can significantly improve the security of your devices and protect yourself from attacks that exploit vulnerabilities in ARM architecture chips.
A custom ROM could help
Given that many phones and tablets with ARM architecture (especially Android) they don’t update after a certain amount of time, a custom ROM could be a solution: if production companies no longer make firmware updates, then you have to take action (getting help and advice from expert people, at least); by doing so you will have an updated and secure operating system and you will be able to get around the problems of the parent companies without too much trouble.
#ARM #architecture #chips #easily #bypassed