Arm Cortex-M chips are, in some cases, vulnerable to attacks that are strongly reminiscent of Spectre and Meltdown. This allows hackers to intercept sensitive data.
The Black Hat Asia conference showed that side-channel attacks like Spectre and Meltdown do not only affect x86 chips. Hackers managed to launch a similar attack to steal data from a system running on Cortex-M.
Simple but not invulnerable
Arm’s Cortex-M chips are relatively simple microcontrollers that are popular in IoT applications. Because they are inherently less complex than full-fledged CPUs for computers, servers, or smartphones, they also seemed less vulnerable to side-channel attacks. In addition, Arm has the necessary security built in to keep sensitive data invisible to spying hackers.
This proved less successful than hoped. The hackers’ Spectre-like attack doesn’t exploit a specific vulnerability in the Cortex-M, but instead takes advantage of the fact that even highly secured data leaves traces. The hackers managed to manipulate a system in such a way that certain packets were always delayed. This enabled them to derive important information. For example, the hackers managed to learn the code of a smart lock.
Cortex-M is working properly
Arm, in turn, claims that its chips actually work as advertised and as expected by the industry. The hack would also be possible if the code was not programmed optimally. That seems partly true, but on the other hand, the vector used by the attackers is actually based on limitations within Cortex-M. The hackers now want to develop their attack further and thus show that side-channel vulnerabilities exist everywhere, even if the code on a system follows best practices.
Arm, for its part, is taking something of a wait-and-see approach. Side-channel attacks are notoriously difficult to solve, as they are a by-product of the underlying chip architecture. That is not something you simply change. Furthermore, there is no real risk until such attacks prove viable in a way that the code cannot protect against. This is currently not the case.