Connect with us

Tech

Exclusive: MIT researchers uncover ‘unpatchable’ flaw in Apple M1 chips

Published

on

MIT researchers uncover ‘unpatchable’ flaw in Apple M1 chips

#MIT #researchers #uncover #unpatchable #flaw #Apple #chips

Apple’s M1 chips have an “unpatchable” hardware vulnerability that could allow attackers to break through its last line of security defenses, MIT researchers have discovered.

The vulnerability lies in a hardware-level security mechanism utilized in Apple M1 chips called pointer authentication codes, or PAC. This feature makes it much harder for an attacker to inject malicious code into a device’s memory and provides a level of defense against buffer overflow exploits, a type of attack that forces memory to spill out to other locations on the chip.

Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it.

The attack, appropriately called “Pacman,” works by “guessing” a pointer authentication code (PAC), a cryptographic signature that confirms that an app hasn’t been maliciously altered. This is done using speculative execution — a technique used by modern computer processors to speed up performance by speculatively guessing various lines of computation — to leak PAC verification results, while a hardware side-channel reveals whether or not the guess was correct.

What’s more, since there are only so many possible values for the PAC, the researchers found that it’s possible to try them all to find the right one.

In a proof of concept, the researchers demonstrated that the attack even works against the kernel — the software core of a device’s operating system — which has “massive implications for future security work on all ARM systems with pointer authentication enabled,” says Joseph Ravichandran, a Ph.D. student at MIT CSAIL and co-lead author of the research paper.

“The idea behind pointer authentication is that if all else has failed, you still can rely on it to prevent attackers from gaining control of your system,” Ravichandran added. “We’ve shown that pointer authentication as a last line of defense isn’t as absolute as we once thought it was.”

Apple has implemented pointer authentication on all of its custom ARM-based silicon so far including the M1, M1 Pro, and M1 Max, and a number of other chip manufacturers including Qualcomm and Samsung have either announced or are expected to ship new processors supporting the hardware-level security feature. MIT said it has not yet tested the attack on Apple’s unreleased M2 chip, which also supports pointer authentication.

Advertisement

“If not mitigated, our attack will affect the majority of mobile devices, and likely even desktop devices in the coming years,” MIT said in the research paper.

The researchers — which presented their findings to Apple — noted that the Pacman attack isn’t a “magic bypass” for all security on the M1 chip, and can only take an existing bug that pointer authentication protects against. When reached, Apple did not comment on the record.

In May last year, a developer discovered an unfixable flaw in Apple’s M1 chip that creates a covert channel that two or more already-installed malicious apps could use to transmit information to each other. But the bug was ultimately deemed “harmless” as malware can’t use it to steal or interfere with data that’s on a Mac.

Tech

Exclusive: Xiaomi 12S Ultra uses a 1-inch Sony camera sensor. Here’s why it is a massive moment for smartphone photography – TalkOfNews.com

Published

on

By

Xiaomi 12S Ultra uses a 1-inch Sony camera sensor. Here’s why it is a massive moment for smartphone photography

#Xiaomi #12S #Ultra #1inch #Sony #camera #sensor #Heres #massive #moment #smartphone #photography

Sony has some of the best camera sensors in the market. That is the reason why most smartphone manufacturers use sensors from Sony in their smartphones. While Xiaomi’s upcoming flagship smartphone, the Xiaomi 12S Ultra has been developed in a collaboration with Leica, the smartphone manufacturer has decided to go for a camera sensor that was developed by Sony.

Xiaomi 12S Ultra will be using Sony IMX 989, the same sensor that Sony uses in their RX100 Mk 7 point-and-shoot cameras. The RX100 Mk 7 is one of the best point-and-shoot cameras in the market right now and is massively popular among budding YouTube celebrities and content creators.

Xiaomi’s decision to use a properly developed, large camera sensor for their upcoming flagship is a huge moment for smartphone photography, provided they calibrate the sensor properly. Here’s why.

More data to play with
Most smartphone camera sensors are barely half the size of a 1-inch sensor. It does not matter how many pixels a manufacturer shoves inside a sensor. Samsung’s 200MP camera sensor may sound impressive on paper, but had it not used some sort of pixel binning to group the individual pixels and make a larger pixel, images taken on the ISOCELL HP1 or HP3 sensors would have a lot of artefacts and noise, thus making the image grainy and ultimately unusable.

More than the number of pixels, it is the size of pixels that matter. A larger pixel will be able to capture more light and therefore more data. This means that a camera’s processor has more data to work with and will eventually be able to put out a better image.

Advertisement

This is one of the reasons why, for a long time, smartphone cameras have been almost as good as proper full frame cameras, but also lacked some basic functionalities that professional photographers rely heavily on. If Xiaomi calibrates the sensor properly and uses quality glass elements for lenses, photos and videos taken in the dark should be phenomenal. This is where Xiaomi messed up with their Mi 11 ultra, which had a 1/1.2-inch camera sensor.

A better dynamic range
Another advantage of having a bigger sensor is that the camera has a naturally larger or better dynamic range. 

Dynamic range basically refers to the ratio between the maximum and minimum signal that is acquired by the sensor. At the upper limit, pixels appear to be white for every higher value of intensity (saturation), while pixels appear black at the lower limit and below. 

What this means is that in the same photo or video, the sensor is able to handle a varied level of brightness and darkness in such a manner that there is very little or preferably no distortion of the colours.

Xiaomi 12S Ultra uses a 1-inch Sony camera sensor. Here’s why it is a massive moment for smartphone photography

Better depth of field or bokeh
The most visible difference that a large sensor makes for amateur photographers is the bokeh or “blur” in a photo. Smartphone camera sensores have always been little, because of which no matter how wide an aperture you use, there simply isn’t enough space for background and foreground separation. That is why smartphone cameras have had to process their images and create a fake bokeh effect. This won’t be a problem with a larger sensor.

Having said all of this, it really depends on how Xiaomi and Leica have calibrated the Sony sensor. Also, it would be foolish for anyone to say that smartphone cameras have become better than proper, full frame or medium format cameras; they haven’t, and for the foreseeable future, they won’t at least for a couple of decades. What Sony and Samsung with their sensors have been able to do, is pushing smartphone manufacturers ever so close to the ultimate goal that they all have been aiming for, by some distance. 


Advertisement
Continue Reading

Tech

Exclusive: Crypto hedge fund Three Arrows files for bankruptcy – TalkOfNews.com

Published

on

By

Crypto hedge fund Three Arrows files for bankruptcy

#Crypto #hedge #fund #Arrows #files #bankruptcy

Cryptocurrency hedge fund Three Arrows Capital (3AC) filed for Chapter 15 bankruptcy in a bid to protect its US assets from creditors in the country, as reported earlier by Bloomberg and CNBC. Representatives for the Singapore-based company made the filing in a Southern District New York court on Friday, which legally protects the US assets of insolvent foreign debtors from creditors in the US.

Founded in 2012 by Kyle Davis and Su Zhu, 3AC managed about $10 billion in assets as recently as March, later sinking to $3 billion in April. Like several other crypto firms, including the lending giants Celcius and Babel Finance, 3AC’s turn in fortunes is part of the so-called crypto “winter” that’s brought down stablecoins and sent Bitcoin’s value plunging.

Earlier this week, reports emerged that 3AC failed to pay a $670 million loan provided by crypto broker Voyager Digital, which has since halted all trades, deposits, and withdrawals as a result. Sky News later reported that a court in the British Virgin Islands has ordered 3AC’s liquidation and that the firm is reportedly working with business consulting company Teneo to oversee the process.

In May, Davies and Zhu admitted in an interview with the WSJ that the company lost out on a $200 million investment following the crash of Luna and its sister coin TerraUSD. At the time, the two remained optimistic about the prospects of crypto, telling the WSJ that they’ve “always been crypto believers” and “still are.”

Continue Reading

Tech

Exclusive: 'Doctor Strange 2': Post-Credits Scenes' Cameo and Classic Sam Raimi Nod Explained – CNET – TalkOfNews.com

Published

on

By

'Doctor Strange 2': Post-Credits Scenes' Cameo, Sam Raimi Nod Explained     - CNET

#039Doctor #Strange #PostCredits #Scenes039 #Cameo #Classic #Sam #Raimi #Nod #Explained #CNET

Doctor Strange in the Multiverse of Madness, which became available to stream on Disney Plus last month after landing in theaters in May, sends the Marvel Cinematic Universe‘s charmingly grumpy sorcerer on an adventure that spans multiple realities. The 28th MCU movie brings director Sam Raimi back to Marvel for the first time since 2007’s Spider-Man 3 and leans hard into his signature horror style, with one of the two post-credits scenes riffing on a moment from early in his career.

The movie takes place after the events of Spider-Man: No Way Home, which saw Strange offering Peter Parker some magical help as the teen dealt with the entire world knowing his secret identity.

Let’s step into a portal and explore a universe full of SPOILERS. We also have a separate ending explainer, a deep dive into the Illuminati and a list of WTF questions the movie left us with.

spoilers-mcu

Another sorcerer

In a mid-credits scene, Strange is happily strolling through Manhattan’s streets, having seemingly accepted the corruption caused by his use of the Darkhold. He’s intercepted by a blonde sorcerer in a purple and pink costume (Charlize Theron). She opens a portal to the Dark Dimension, the hellish reality ruled by 2016 Doctor Strange big bad Dormammu.

Clea give Doctor Strange an intense look in Doctor Strange in the Multiverse of Madness

Charlize Theron makes her MCU debut as Clea.


Marvel Studios

“You created an incursion and we’re gonna fix it… unless you’re afraid?” she says.

“Not in the least,” he responds, his Darkhold-induced third eye opening.

Doctor Strange 14 cover

Clea has been among Doctor Strange’s most reliable allies in the comics.


Marvel Studios

What does it mean?

She isn’t named until the credits start rolling after this scene, but Theron’s character is Clea — a Dark Dimension magic wielder who’s been in the comics since the ’60s.

Advertisement

She’s the daughter of Dormammu’s sister Umar and Dark Dimension Prince Orini, and became fascinated by Strange during one of his early adventures in that reality. Their paths have crossed many times in the years since, with Clea becoming Strange’s student and later his wife.

Following the events of 2021’s Death of Doctor Strange miniseries (you can imagine the premise), Clea replaced Strange as Sorcerer Supreme of Earth. Stephen will undoubtedly be resurrected and return to the role soon though, since status quo shifts like this seldom last long in the comics.

You might have been too busy reeling or screaming with joy when Reed Richards (John Krasinski) explained what incursions were earlier in the movie, but they’re catastrophic events that occur when a multiversal reality crashes into another. In the comics, this happened in 2015 event Secret Wars.

It’s unclear how Strange caused an incursion — he jumped through a whole bunch of realities in Multiverse of Madness — or what this means for the MCU, but it could see elements from a different cinematic universe crossing into this one.

Such a crossover already created a dangerous scenario (filled with delightful cameos) in No Way Home, so it’s possible we’ll see characters from Fox’s X-Men reality next. The presence of Professor X (Patrick Stewart) may have been foreshadowing this.

Or maybe that’s just more wishful thinking.

ash-vs-evil-dead-starz.jpg

Bruce Campbell’s cameo pays homage to his iconic Evil Dead character Ash Williams.


Starz

Poppa Pizza returns

In an alternate reality’s Manhattan, rude street vendor Pizza Poppa (Bruce Campbell) earlier accused America Chavez of stealing his precious dough balls. Strange hit the poor guy with a spell to get him off their backs, and they left him to be attacked by his own hand.

The post-credits scene brings us back to Pizza Poppa just as his meat hook’s campaign of violence ends.

“It’s over!” he says joyously.

Advertisement

What does it mean?

This scene is unlikely to have any MCU-scattering implications, since it’s more of an homage to Campbell and Raimi’s relationship. The pair have been friends since high school, and the actor played hero Ash Williams in Raimi’s 1981 breakout feature The Evil Dead. In that movie’s 1987 sequel, Ash’s hand is bitten by one of the undead, becomes possessed and tries to kill him.

Unlike Pizza Poppa, he tries to solve the problem by severing his hand and replacing it with a chainsaw (which is extremely metal). His former hand stalks him for the rest of the movie.

Campbell also shows up in Raimi’s non-MCU Spider-Man trilogy, seemingly playing three different characters. He was a wrestling announcer in the first movie, a snooty usher in the sequel and a French maître d’ in the third. If the scrapped Spider-Man 4 had come to fruition, the actor could have played Mysterio, Raimi confirmed to Rolling Stone.


Now playing:
Watch this:

What’s New to Stream for June 2022



4:09

Advertisement


Continue Reading

Exclusive

Copyright © 2022 Talk Of News.