Arm hardware security systems might not be as tough as Arm thinks
Recently introduced Arm security feature can be bypassed
New research has detailed a novel way to bypass a security feature built into ARM chips.
A team of cybersecurity researchers from Samsung, Seoul National University, and the Georgia Institute of Technology named the new approach “TIKTAG”, since it works around the Memory Tagging Extension (MTE) tool.
Apparently, the success rate of the method is 95%, and it works rather quickly. The researchers were successful against both the Linux kernel and Google Chrome, it was added.
High success rate
Memory Tagging Extension (MTE) is a hardware security feature designed to improve memory safety by detecting and preventing common types of memory-related errors in software (think buffer overflows, use-after-free, and similar).
It was introduced in ARM v8.5-A, and is apparently quite relevant for operating systems, browsers, and other large applications where memory safety bugs can result in data leakage.
It works by assigning small tags to memory chunks. By making sure the tag matches the accessed memory region, MTE essentially protects against memory corruption. However, through speculative execution, the researchers managed to leak MTE memory tags, with quite a good success rate, too.
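To make the tag-matching mechanism concrete, here is a small C model of how an MTE-style check catches a linear overflow and a use-after-free. It is an added illustration, not Arm's hardware logic or code from the TIKTAG paper: the 16-byte granule size and the tag in pointer bits 59:56 follow the real architecture, but the static heap, the bump allocator and the sequential tag source are assumptions made so the model runs on any machine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of an MTE tag check. Added illustration only: not Arm's
 * implementation and not the TIKTAG paper's code. Real MTE keeps a 4-bit
 * allocation tag per 16-byte granule and a 4-bit logical tag in pointer
 * bits 59:56; the load/store unit compares the two on every tagged access.
 * Here the "heap" is a static array and a pointer is an offset into it
 * with the logical tag in the top byte. */

#define GRANULE        16
#define HEAP_GRANULES  64
#define HEAP_BYTES     (GRANULE * HEAP_GRANULES)
#define TAG_SHIFT      56
#define TAG_MASK       0xFULL

typedef uint64_t tagged_ptr;             /* offset | (tag << 56) */

static uint8_t heap[HEAP_BYTES];
static uint8_t alloc_tag[HEAP_GRANULES]; /* allocation tag per granule; 0 = free */
static size_t  bump;                     /* toy bump-allocator cursor (assumption) */
static uint8_t next_tag;                 /* toy tag source; real MTE picks random tags */

static tagged_ptr make_ptr(size_t off, uint8_t tag) { return ((uint64_t)tag << TAG_SHIFT) | off; }
static uint8_t    ptr_tag(tagged_ptr p) { return (uint8_t)((p >> TAG_SHIFT) & TAG_MASK); }
static size_t     ptr_off(tagged_ptr p) { return (size_t)(p & ((1ULL << TAG_SHIFT) - 1)); }

void toy_reset(void) {
    memset(heap, 0, sizeof heap);
    memset(alloc_tag, 0, sizeof alloc_tag);
    bump = 0;
    next_tag = 1;
}

/* Allocate n bytes rounded up to whole granules, colour them with a fresh
 * non-zero tag, and hand back a pointer carrying that tag. 0 means full. */
tagged_ptr toy_malloc(size_t n) {
    size_t granules = (n + GRANULE - 1) / GRANULE;
    if (granules == 0 || bump + granules > HEAP_GRANULES) return 0;
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1);   /* cycle through tags 1..15 */
    for (size_t g = 0; g < granules; g++) alloc_tag[bump + g] = tag;
    tagged_ptr p = make_ptr(bump * GRANULE, tag);
    bump += granules;
    return p;
}

/* Free: retag the granules so a stale pointer's logical tag no longer matches. */
void toy_free(tagged_ptr p, size_t n) {
    size_t granules = (n + GRANULE - 1) / GRANULE;
    size_t g0 = ptr_off(p) / GRANULE;
    for (size_t g = 0; g < granules && g0 + g < HEAP_GRANULES; g++) alloc_tag[g0 + g] = 0;
}

/* The check itself: the pointer's logical tag must equal the allocation tag of
 * the granule being written. Returns 0 on success, -1 on a tag fault (in
 * synchronous mode the real CPU raises an exception at this point). */
int checked_store(tagged_ptr p, size_t i, uint8_t v) {
    size_t off = ptr_off(p) + i;
    if (off >= HEAP_BYTES) return -1;
    if (alloc_tag[off / GRANULE] != ptr_tag(p)) return -1;
    heap[off] = v;
    return 0;
}

/* Scenario: linear overflow from a 20-byte buffer into its neighbour.
 * Returns the first index whose store faults, or -1 if none did. */
int demo_overflow(void) {
    toy_reset();
    tagged_ptr a = toy_malloc(20);   /* granules 0-1, tag 1 */
    toy_malloc(16);                  /* granule 2, tag 2: the neighbour */
    for (size_t i = 0; i < 48; i++)
        if (checked_store(a, i, 0x41) != 0) return (int)i;
    return -1;
}

/* Scenario: write through a pointer after its memory was freed. */
int demo_use_after_free(void) {
    toy_reset();
    tagged_ptr a = toy_malloc(20);
    toy_free(a, 20);
    return checked_store(a, 0, 0x41);   /* granule retagged 0, pointer still tag 1 */
}

int main(void) {
    printf("overflow first caught at byte %d (bytes 20..31 are in-granule slack)\n", demo_overflow());
    printf("use-after-free store result: %d\n", demo_use_after_free());
    return 0;
}
```

Two properties of the real feature show up in the model. The overflow is only caught once the write crosses a granule boundary, so bytes 20 through 31 of the 20-byte buffer go undetected: MTE's protection is granule-granular, not byte-granular. And the check compares tags rather than bounds, which is why knowing a region's tag defeats it; with real MTE's random 4-bit tags an attacker guessing blindly would have a 1-in-16 chance per attempt, and leaking the correct tag (as the research describes) removes that uncertainty. On MTE-capable Arm Linux the process-wide tag-check mode is configured with prctl(PR_SET_TAGGED_ADDR_CTRL, ...), which is how a hardened allocator opts in.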
The team reported their findings to ARM and Google in late 2023 and, according to BleepingComputer, received positive responses but no immediate fixes.
“As Allocation Tags are not expected to be a secret to software in the address space, a speculative mechanism that reveals the correct tag value is not considered a compromise of the principles of the architecture,” ARM said. Google said something in a similar vein, stating that the V8 sandbox never guaranteed the confidentiality of memory data and MTE tags.
The research paper suggests a series of mitigations, which include modifying hardware design, inserting speculation barriers, adding padding instructions, and more. You can read the full list on this link.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.