The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks

Presented at DEF CON 30 (2022), Aug. 12, 2022, 11 a.m. (45 minutes)

What do you get when you cross pointer authentication with microarchitectural side channels?

The PACMAN attack is a new attack technique that uses microarchitectural side channels to brute-force the pointer authentication code (PAC) for an arbitrary kernel pointer without causing any crashes. We demonstrate the PACMAN attack against the Apple M1 CPU.


Presenters:

  • Joseph Ravichandran - First-year PhD student working with Dr. Mengjia Yan at MIT
    Joseph Ravichandran is a PhD student in computer architecture studying microarchitectural security at MIT. His work includes microarchitectural and memory safety attacks and attack modeling. He plays CTF with SIGPwny. This is his first DEF CON talk.
