Interesting. Thanks for the pointer.
Yeah, given enough time, speed, resources, etc., a close-enough approximation to "intelligence" can be achieved - at least in some areas. And that's a good thing, to my way of thinking. (Why not have a machine search through zettabytes of information to figure out connections and associations that can make things like disease treatment better?) I'm old enough to remember when some thought that chess computers would "never" be good enough to beat a human grand master... I'll read them this weekend.
Possibly relatedly, Android Police:
(See the original for embedded links.)
This isn't surprising to me. Whenever there are short-cuts (especially those implemented to speed things up), people want to use them in unintended ways. And lots and lots of nefarious actors like nothing better than finding ways to poke around in "protected" areas in popular CPUs, so there are great incentives to do so...
Cheers,
Scott.
Possibly relatedly, Android Police:
In summary, CSAIL researchers have found (via TechCrunch) a way to break Apple's pointer authentication — essentially, a write-and-read cryptographic check verifying that an app's pointers are referencing the same locations in memory. The company's implementation of pointer authentication has generally helped the M1 contain pretty much any bug with potential system-wide impacts by catching a pointer that fails the test and triggering an app crash.
The attack uses a mix of software and hardware methods — including exploits to speculative code execution that made threats like 2018's Meltdown and Spectre vulnerabilities so scary — to beat pointer authentication by simply guessing all of a finite series of authentication codes. Opening up this gate then allows any existing software bug, including ones targeting the kernel, to wreak havoc as they would on other chips. CSAIL says that its cracking method, which it dubs PACMAN, can be executed remotely and, because of its reliance on a hardware side channel, can't easily be patched.
MIT's researchers theorize that any chip which uses speculative execution to handle pointer authentication may be susceptible to PACMAN. Apple employs its pointer authentication on its arm64e chips which include all of the M1 series, the new M2 chip, as well as A-series chips from the A12 onward. Arm-based chips from other manufacturers like MediaTek, Qualcomm, and Samsung could be at risk, but testing has not been done to prove risk to those platforms.
Details of PACMAN are available in the full paper from MIT.
(See the original for embedded links.)
This isn't surprising to me. Whenever there are short-cuts (especially those implemented to speed things up), people want to use them in unintended ways. And lots and lots of nefarious actors like nothing better than finding ways to poke around in "protected" areas in popular CPUs, so there are great incentives to do so...
Cheers,
Scott.