Is it really only a change in the hardware design that will help solve the problem?
Researchers from Samsung, Seoul National University, and the Georgia Institute of Technology have unveiled a new "TIKTAG" attack targeting the Memory Tagging Extension (MTE) technology in the ARM architecture. The attack allows you to bypass the defense mechanism with a success rate of more than 95%.
The Memory Tagging Extension (MTE) was introduced in ARM v8.5-A to prevent memory corruption. It uses 4-bit tags for 16-byte memory blocks to protect against memory integrity attacks by checking whether pointer tags match memory.
The researchers found that using just two tools, TIKTAG-v1 and TIKTAG-v2, it is possible to leak MTE memory tags through speculative execution with a high probability of success.
While the tag leak does not directly reveal sensitive data, such as passwords or encryption keys, it allows attackers to compromise MTE security, making the system vulnerable to memory corruption attacks.
TIKTAG-v1 uses speculative compression in branch prediction and CPU data prefetching. This tool is effective against the Linux kernel, especially in functions related to speculative memory access. The attack requires manipulating kernel pointers and measuring cache state to determine memory tags.
TIKTAG-v2 uses a speculative data redirection mechanism, where the value is stored at a memory address and immediately loaded from the same address. Tag matching allows you to successfully load the value and change the cache state. Otherwise, redirection is blocked and the cache state remains unchanged. Thus, the cache state after speculative execution allows you to determine the result of tag checking.
Researchers have demonstrated the effectiveness of TIKTAG-v2 against the Google Chrome browser, especially its V8 JavaScript engine, which opens the way for exploiting memory corruption vulnerabilities in the rendering process.
Scientific work published on arxiv.org, offers the following measures to protect against TIKTAG attacks:
ARM acknowledged the severity of the problem, but published a bulletin where it indicated that the leak of tags is not considered a compromise of the architecture, since tags are not intended to store secret data.
The Chrome security team also acknowledged the issue, but decided not to fix it, as the V8 sandbox is not designed to protect the privacy of memory data and MTE tags. Moreover, the Chrome browser currently does not include MTE-based protection by default, making it a lower priority for immediate fixes.
However, reports of MTE issues on Pixel 8 devices were reported to the Android security team in April 2024 and were found to be a hardware defect.
Researchers from Samsung, Seoul National University, and the Georgia Institute of Technology have unveiled a new "TIKTAG" attack targeting the Memory Tagging Extension (MTE) technology in the ARM architecture. The attack allows you to bypass the defense mechanism with a success rate of more than 95%.
The Memory Tagging Extension (MTE) was introduced in ARM v8.5-A to prevent memory corruption. It uses 4-bit tags for 16-byte memory blocks to protect against memory integrity attacks by checking whether pointer tags match memory.
The researchers found that using just two tools, TIKTAG-v1 and TIKTAG-v2, it is possible to leak MTE memory tags through speculative execution with a high probability of success.
While the tag leak does not directly reveal sensitive data, such as passwords or encryption keys, it allows attackers to compromise MTE security, making the system vulnerable to memory corruption attacks.
TIKTAG-v1 uses speculative compression in branch prediction and CPU data prefetching. This tool is effective against the Linux kernel, especially in functions related to speculative memory access. The attack requires manipulating kernel pointers and measuring cache state to determine memory tags.
TIKTAG-v2 uses a speculative data redirection mechanism, where the value is stored at a memory address and immediately loaded from the same address. Tag matching allows you to successfully load the value and change the cache state. Otherwise, redirection is blocked and the cache state remains unchanged. Thus, the cache state after speculative execution allows you to determine the result of tag checking.
Researchers have demonstrated the effectiveness of TIKTAG-v2 against the Google Chrome browser, especially its V8 JavaScript engine, which opens the way for exploiting memory corruption vulnerabilities in the rendering process.
Scientific work published on arxiv.org, offers the following measures to protect against TIKTAG attacks:
- Hardware design modification to prevent speculative execution from changing cache state based on tag validation results.
- Insert anti-speculation barriers (such as sb or isb instructions) to prevent speculative execution of critical memory operations.
- Add padding instructions to extend the execution window between branch instructions and memory access.
- Improved isolation mechanisms to strictly restrict speculative memory access to safe areas.
ARM acknowledged the severity of the problem, but published a bulletin where it indicated that the leak of tags is not considered a compromise of the architecture, since tags are not intended to store secret data.
The Chrome security team also acknowledged the issue, but decided not to fix it, as the V8 sandbox is not designed to protect the privacy of memory data and MTE tags. Moreover, the Chrome browser currently does not include MTE-based protection by default, making it a lower priority for immediate fixes.
However, reports of MTE issues on Pixel 8 devices were reported to the Android security team in April 2024 and were found to be a hardware defect.
