New ARM ‘TIKTAG’ Attack Affects Google Chrome and Linux Systems

 

A newly identified speculative execution attack named “TIKTAG” exploits ARM’s Memory Tagging Extension (MTE) to leak data with a success rate exceeding 95%, allowing hackers to circumvent this security feature.
This discovery was detailed in a paper by researchers from Samsung, Seoul National University, and the Georgia Institute of Technology. They demonstrated the attack on Google Chrome and the Linux kernel.
MTE, introduced in the ARM v8.5-A architecture and carried into subsequent versions, aims to detect and prevent memory corruption. It is a low-overhead tagging scheme: each 16-byte memory chunk is assigned a 4-bit tag, and on access the hardware checks that the tag in the pointer matches the tag of the accessed memory region.
MTE operates in three modes: synchronous, asynchronous, and asymmetric, to balance security and performance.
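
The tag check described above, as an added example that is not taken from the article or the researchers' paper: a software model of 4-bit tags on 16-byte granules, showing an adjacent overflow and a stale pointer failing the check. All function names are hypothetical; the placement of the tag in pointer bits 59:56 follows the ARM architecture, and real MTE performs this check in hardware.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define GRANULE   16u      /* bytes covered by one tag */
#define TAG_SHIFT 56       /* MTE keeps the pointer's tag in bits 59:56 */
#define MEM_SIZE  256u     /* size of the modelled address space (assumption) */

static uint8_t tags[MEM_SIZE / GRANULE];   /* one 4-bit tag per granule */

/* Model pointer: offset in the low bits, 4-bit tag in bits 59:56. */
static uint64_t make_ptr(size_t off, uint8_t tag) {
    return (uint64_t)off | ((uint64_t)(tag & 0xF) << TAG_SHIFT);
}

/* Tag every granule overlapping [off, off+len) and return a tagged pointer. */
static uint64_t tag_region(size_t off, size_t len, uint8_t tag) {
    for (size_t g = off / GRANULE; g <= (off + len - 1) / GRANULE; g++)
        tags[g] = tag & 0xF;
    return make_ptr(off, tag);
}

/* 1 if the pointer's tag equals the granule's tag, 0 for a tag check fault. */
static int tag_check(uint64_t ptr) {
    size_t off = (size_t)(ptr & ((1ULL << TAG_SHIFT) - 1));
    uint8_t ptag = (uint8_t)((ptr >> TAG_SHIFT) & 0xF);
    return off < MEM_SIZE && tags[off / GRANULE] == ptag;
}

/* Number of the 16 possible pointer tags that pass the check at this offset. */
static int passing_tags(size_t off) {
    int n = 0;
    for (uint8_t t = 0; t < 16; t++)
        n += tag_check(make_ptr(off, t));
    return n;
}

int main(void) {
    uint64_t a = tag_region(0, 32, 0x3);   /* object A: two granules, tag 3 */
    uint64_t b = tag_region(32, 16, 0x9);  /* object B: adjacent, tag 9 */
    printf("in-bounds A:     %d\n", tag_check(a + 31));
    printf("overflow A->B:   %d\n", tag_check(a + 32));
    tag_region(32, 16, 0x5);               /* B freed, granule retagged */
    printf("stale pointer B: %d\n", tag_check(b));
    printf("tags that pass:  %d of 16\n", passing_tags(32));
    return 0;
}
```

Only one of the 16 possible tag values passes the check for a given granule, so the protection depends on the tag value staying unknown to whoever controls the pointer.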
The researchers identified two gadgets, TIKTAG-v1 and TIKTAG-v2, which leverage speculative execution to leak MTE memory tags efficiently. While leaking these tags doesn’t directly reveal sensitive information such as passwords or encryption keys, it can potentially weaken MTE’s defenses, making systems vulnerable to covert memory corruption attacks.
TIKTAG-v1 exploits CPU behaviors such as branch prediction and data prefetching to leak

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
