What the M1 and Apple Silicon mean for Mac security

Posted:
in General Discussion edited February 10
The M1 chip makes the Mac platform more secure in a number of ways, but it could also signal a change toward a locked-down version of macOS that could have its own security drawbacks.

Credit: Andrew O'Hara, AppleInsider
Credit: Andrew O'Hara, AppleInsider


Apple's M1 chip has a number of significant benefits in terms of efficiency, battery life, and overall performance, but one area that has been overlooked by comparison is how the Apple Silicon switch affects computer security in terms of protection against malware and malicious attacks.

AppleInsider spoke with security researchers Patrick Wardle and Rick Mark to get their takes on the security benefits of M1, some of the potential downsides, and what makes M1 unique among ARM-based chips.

Apple Silicon security benefits

Although there are some key differences, M1-equipped Macs provide a level of security that takes several steps closer to the iPhone and further away from Intel Macs. These security features can be fit broadly into a couple of categories, according to Wardle, who is a Mac security researcher and the creator of a suite of free Mac security tools.

The first category is exploit mitigation, which are mechanisms that can help protect against remote code execution or zero-day vulnerability exploits. This includes a hardware-level security mechanism called pointer authentication that makes it much harder for an attacker to modify pointers in memory and provides a level of defense against buffer overflow exploits.

Many of these hardware-level benefits were immediately gained when Apple switched its desktops to ARM. Mark, a member of the team that developed the checkra1n exploit, said that Apple's work with pointer authentication provides security "that Intel cannot yet match."

The other category includes both operating system-level protections and defenses against attacks that would require physical access to a device.

For one, Mark pointed out that M1-equipped Macs are also no longer vulnerable to the checkm8 vulnerability that affected the T2. In fact, M1 Macs don't even have a T2 chip. Instead, the security functionality that the T2 supported is baked into the M1.

This category also includes two features mentioned specifically in Apple security documentation: system integrity and data protection.

System integrity allows for a hardware-level verification of the operating system during startup. It also continues to operate in the background to protect macOS authorizations as it runs. That shores up protections against sophisticated malware that could try to subvert macOS in a persistent manner.

"It really takes away another pretty insidious attack vector, or at least makes it a lot more difficult," Wardle said.

Additionally, the M1 chip also allows third-party developers to use file-level encryption to protect user data without impacting system performance. In other words, third-party will be able to more easily encrypt user data for privacy and security. That's a capability that wasn't available in past Mac devices.

"I think [the M1] makes exploitation a lot more difficult, it makes certain kinds of persistence very difficult, and provides better security and privacy," Wardle said. "If you care dearly about security and privacy, the M1 is kind of a no-brainer in comparison to the older systems."

Many average users may not even notice these features, Mark added. A lot of this happens in the background, so Mac owners may only notice that some software needs to be updated because of the shift from external extensions (kext) to system extensions.

For those working in the security field, however, Mark said that the M1 could advance security research on the iPhone -- even without access to a Security Research Device. That's because Apple has left an "escape hatch to run unsigned code" on the chip.

Potential downsides to M1

Despite the benefits and additional security features, there may be a few security drawbacks to the Apple Silicon chip. Some of those are present now, while others many manifest down the road.

Mark said the biggest issue with Apple Silicon currently is the lack of documentation. For example, on M1 Macs, certain Apple systems like iBoot, the Secure Enclave Processor, and processor extensions are not publicly documented.

"This means that external validation of the security components of a M1 based Mac are a lot harder to analyze and verify," Mark said.

Mark added that Apple hasn't always been forthcoming with hardware security flaws. He cites the checkm8 vulnerability as an example. Unlike Apple, Mark said that "Intel engaged with the community after disclosure" of Spectre and Meltdown.

One potential issue with the shift to Apple Silicon security may become problematic down the road. As Apple slowly makes macOS more iOS-like, the opaqueness of the operating system could complicate the jobs of security researchers and security tools.

Using iOS as an example, Wardle said there are benefits to being locked down. Out of the box, the iPhone is an incredibly secure device. But the iPhone's defense mechanisms make it hard to know whether a device has been compromised. On a Mac, savvy users can view a process list or otherwise poke around the system. That isn't the case on an iPhone.

"Even for me, as a security researcher, it's very difficult to answer the question 'Is my iPhone not hacked?'" Wardle said.

Advanced attackers, like government agencies, can take advantage of this. Wardle said that although the bar for security is being raised, "there's always going to be malware." Once that malware is on a locked-down device like an iPhone, it can be nearly impossible for the average user to know that they've been compromised.

"Once these adversaries have penetrated the very difficult exterior, they're going to remain undetected because users or security tools are basically handcuffed," Wardle said. "You kind of reach this interesting inflection point where the security of the system can be used against it."

A simple example is an exploit deployed over iMessage, which has happened in the past. Since iMesssage is end-to-end encrypted, even Apple can't detect these attacks.

Although rare, iPhone exploits do exist. Because of the device's security mechanisms, they're a lot harder to detect and mitigate. If macOS becomes more locked down in terms of what users and researchers can do, the Mac could end up in a similar situation. Mac exploits could become just as rare, and in theory, just as invisible.

Wardle did say that the security benefits of M1 are going to be positive for the vast majority of Mac users. The ability to access security tools or mechanisms can even expand the "attack surface," making a device more vulnerable to attack. But locked-down systems do have those aforementioned problems.

"I don't really know what the answer is, but I think it's really important that we have this discussion," Wardle said.

Additionally, the M1 doesn't necessarily protect against users downloading a malicious application or a piece of malware bypassing app notarization. Nothing is hack-proof, so users will still need to practice discretion.

The future of M1 and ARM

The security benefits of the M1 are only small pieces of the Apple Silicon puzzle. Beyond security, the M1 represents a leap forward for Apple computers -- and is likely heralding a broader shift to ARM-based chips in the laptop and desktop space. Microsoft, for example, is working on its own ARM-based hardware.

Compared to other ARM chips, Mark said that "Apple has been remarkable at implementing both the absolute latest version of the ARM spec and creating clever extensions. This is in part why you can't run ARM macOS on any other hardware, there's just no chips that are quite as advanced commonly available."

Wardle says that it's incredible what Apple managed to accomplish with the M1, both from a security point of view as well as features like performance, price point, and battery life.

"I think we'll look at the M1 chip and I think we'll see it as an event in Apple's history that is maybe as impactful as when they introduced the iPhone," Wardle said. "I think it's game-changing."
lolliver

Comments

  • Reply 1 of 15
    Another factor that has protected macOS in the past was its lack of popularity compared to Windows. Hackers can't be bothered with a small number of victims. For now, that factor remains intact.

    Does anyone know if Spectre and Meltdown will affect M1? https://meltdownattack.com <--

    M1 isn't equal to ARM, but the ARM website itself says ARM may be affected: https://developer.arm.com/support/arm-security-updates <--

    I'm particularly curious about the Rowhammer attack.

    Apple should update this page to discuss M1 Macs: https://support.apple.com/en-us/HT208394
    edited February 10 twokatmewukrunr
  • Reply 2 of 15
    jingojingo Posts: 104member
    Another factor that has protected macOS in the past was its lack of popularity compared to Windows. Hackers can't be bothered with a small number of victims. For now, that factor remains intact.
    Maybe, and this is a trope that is often trotted out, but there are other factors as well which are much more worthy of comment. One of them is that Apple is vastly more successful at getting its users' system updated to the latest (more secure) version of the operating system. As a result there is a smaller proportion of the Apple systems in use that are vulnerable.

    This is particularly the case with iPhones compared to Android devices, but it also applies to Macs when compared with Windows.
    twokatmewmwhitedm3d_2plastico23jdb8167mizhouGG1lolliverjony0
  • Reply 3 of 15
    Another factor that has protected macOS in the past was its lack of popularity compared to Windows. Hackers can't be bothered with a small number of victims. For now, that factor remains intact.

    I don't agree with this.  Apple users are generally more "valuable" targets. 

    More victims vs. victims that are more valuable?
    lkruppmizhoutechconclolliverwatto_cobra
  • Reply 4 of 15
    XedXed Posts: 825member
    Another factor that has protected macOS in the past was its lack of popularity compared to Windows. Hackers can't be bothered with a small number of victims. For now, that factor remains intact.
    Well that's not even close to being accurate. Besides macOS being UNIX compliant for over 2 decades now there is also the core OS being used on billions of devices which very much makes Apple and their users a target for hackers and scammers.
    edited February 10 JWSCmizhoutechconclolliverjony0watto_cobra
  • Reply 5 of 15
    Xed said:
    Another factor that has protected macOS in the past was its lack of popularity compared to Windows. Hackers can't be bothered with a small number of victims. For now, that factor remains intact.
    Well that's not even close to being accurate. Besides macOS being UNIX compliant for over 2 decades now there is also the core OS being used on billions of devices which very much makes Apple and their users a target for hackers and scammers.
    This chart shows OS's in use based on web client usage, which is pretty close to the truth. 
    https://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Web_clients <--


    ukrunr
  • Reply 6 of 15
    XedXed Posts: 825member
    Xed said:
    Another factor that has protected macOS in the past was its lack of popularity compared to Windows. Hackers can't be bothered with a small number of victims. For now, that factor remains intact.
    Well that's not even close to being accurate. Besides macOS being UNIX compliant for over 2 decades now there is also the core OS being used on billions of devices which very much makes Apple and their users a target for hackers and scammers.
    This chart shows OS's in use based on web client usage, which is pretty close to the truth. 
    https://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Web_clients <--


    Even if we don't consider the ways that hackers code get code onto *nix platforms (even though it's been widely talked about this week) which would make it more than 2/3rds of all platforms in use, to claim that hackers have no interest in Apple's OS core form a chart—you supplied—that shows almost 1 in 4 devices are running is insane. 

    This chart clearly shows that Apple's OSes are clearly something that hackers and scammers will target.

    Besides all that, even if macOS was the most secure OS on the market without ever been a single compromise in any of the code that a hacker could exploit, what exactly is your point in an article about what ASi mans for Mac security? Are you really suggesting that Apple and its users should concern themselves with security?
    edited February 10 watto_cobra
  • Reply 7 of 15
    Xed said:
    Xed said:
    Another factor that has protected macOS in the past was its lack of popularity compared to Windows. Hackers can't be bothered with a small number of victims. For now, that factor remains intact.
    Well that's not even close to being accurate. Besides macOS being UNIX compliant for over 2 decades now there is also the core OS being used on billions of devices which very much makes Apple and their users a target for hackers and scammers.
    This chart shows OS's in use based on web client usage, which is pretty close to the truth. 
    https://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Web_clients <--

    Even if we don't consider the ways that hackers code get code onto *nix platforms (even though it's been widely talked about this week) which would make it more than 2/3rds of all platforms in use, to claim that hackers have no interest in Apple's OS core form a chart—you supplied—that shows almost 1 in 4 devices are running is insane. 

    This chart clearly shows that Apple's OSes are clearly something that hackers and scammers will target.

    Besides all that, even if macOS was the most secure OS on the market without ever been a single compromise in any of the code that a hacker could exploit, what exactly is your point in an article about what ASi mans for Mac security? Are you really suggesting that Apple and its users should concern themselves with security?
    This is the second time you change my words from "macOS" to "Apple's Core OS" and you even add up iOS to macOS to try to prove me wrong. You need to stop doing that. I was talking ONLY about macOS and that was perfectly clear. Even the article was about M1+macOS, not about iOS. Stop changing the subject repeatedly.

    Your final question was "should Apple and its users concern themselves with security?" Is that a trick question? I don't understand why you would ask a question with an obvious answer. You asked "what is your point about what ASi means for Mac Security?" What do you mean "what is my point?" If you go back and read my post, my point was that ASi might be impacted by Spectre, Meltdown, and Rowhammer. I was asking if M1 was affected. Read my post again, and you will see that that was my question. I wasn't telling you the answer, I was asking a question. Why would you attack someone who asks a question and doesn't know the answer?

    If you want to attack me, then tell me what the answer is, and ridicule my ignorance, instead of attacking someone who asks a question and doesn't know the answer. What's the point in attacking someone who doesn't have the answer and simply asks a sincere question? 
    edited February 10 ukrunr
  • Reply 8 of 15
    XedXed Posts: 825member
    Xed said:
    Xed said:
    Another factor that has protected macOS in the past was its lack of popularity compared to Windows. Hackers can't be bothered with a small number of victims. For now, that factor remains intact.
    Well that's not even close to being accurate. Besides macOS being UNIX compliant for over 2 decades now there is also the core OS being used on billions of devices which very much makes Apple and their users a target for hackers and scammers.
    This chart shows OS's in use based on web client usage, which is pretty close to the truth. 
    https://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Web_clients <--

    Even if we don't consider the ways that hackers code get code onto *nix platforms (even though it's been widely talked about this week) which would make it more than 2/3rds of all platforms in use, to claim that hackers have no interest in Apple's OS core form a chart—you supplied—that shows almost 1 in 4 devices are running is insane. 

    This chart clearly shows that Apple's OSes are clearly something that hackers and scammers will target.

    Besides all that, even if macOS was the most secure OS on the market without ever been a single compromise in any of the code that a hacker could exploit, what exactly is your point in an article about what ASi mans for Mac security? Are you really suggesting that Apple and its users should concern themselves with security?
    This is the second time you change my words from "macOS" to "Apple's Core OS" and you even add up iOS to macOS to try to prove me wrong. You need to stop doing that. I was talking ONLY about macOS and that was perfectly clear. Even the article was about M1+macOS, not about iOS. Stop changing the subject repeatedly.

    Your final question was "should Apple and its users concern themselves with security?" Is that a trick question? I don't understand why you would ask a question with an obvious answer. You asked "what is your point about what ASi means for Mac Security?" What do you mean "what is my point?" If you go back and read my post, my point was that ASi might be impacted by Spectre, Meltdown, and Rowhammer. I was asking if M1 was affected. Read my post again, and you will see that that was my question. I wasn't telling you the answer, I was asking a question. Why would you attack someone who asks a question and doesn't know the answer?

    If you want to attack me, then tell me what the answer is, and ridicule my ignorance, instead of attacking someone who asks a question and doesn't know the answer. What's the point in attacking someone who doesn't have the answer and simply asks a sincere question? 
    Of course I'm putting them together. They share a common core. It would be foolish not include everything under the Darwin umbrella, as well a good deal of foundation code atop Darwin that they share. To ignore iOS simply because it hurts your argument is foolish. For example, I didn't hesitate to install the Big Sur point tertiary update this week because it fixes a Sudo bug that could give root access to an attacker.
    edited February 10 jdb8167watto_cobra
  • Reply 9 of 15
    chasmchasm Posts: 2,339member
    This chart shows OS's in use based on web client usage, which is pretty close to the truth. 
    Do you understand that this chart actively undermines the claim of "security through obscurity?" Nearly a quarter of all web traffic (I'm combining Mac and iOS) does not even remotely meet the definition of "obscure."

    Linux is the OS that offers "security through obscurity," friend, not Apple products. Every percentage point there is at least a few tens of millions of people -- and as previously pointed out, Mac/iOS users tend to be higher-value targets than some soy farmer or retail wage slave on a low-end Android phone, wouldn't you agree?

    It's also clear that even if you even that playing field by looking at incidents-per-capita that iOS in particular with Mac not far behind are objectively more secure than Windows and Android. There's no debate about this.

    Your argument ceased to be valid at least by the time the iMac came out, if not far earlier.
    techconclolliverjony0watto_cobra
  • Reply 10 of 15
    I cited real data to prove that macOS was only 7% of the OS web browsing market. And I will maintain that hackers avoid small single digit market share OSs. Good night.
  • Reply 11 of 15
    crowleycrowley Posts: 7,633member
    I cited real data to prove that macOS was only 7% of the OS web browsing market. And I will maintain that hackers avoid small single digit market share OSs. Good night.
    Know many hackers do you?  It obviously depends on what the hackers want to achieve.

    Apple pay a decent bounty for hackers who identify security vulnerabilities to them. 
    They're also a company many people want to work for, so showing chutzpah by finding flaws may be a way in.
    Mac users are also generally speaking an affluent bunch, so may present as higher value targets for malevolent types, worth investing time into.
    Apple also aren't a popular company amongst many hacker communities, so there could be a certain prestige or karmic justice in exposing vulnerability in the big bad corp.

    Bear in mind also, that the single digit market share has somewhat changed in meaning in the last 10 years.  Pre-2007 those percentages probably wouldn't even count mobile devices, so now you're talking about a much bigger pool.  In terms of non-mobile computing it looks like the web trackers are registering macOS at more like 20%, and it's not immediately apparent what the absolute numbers are.  20% of a big number is still a big number, and worth considering.

    Also bear in mind that with the move to M1, macOS and iOS will be sharing a processor architecture and an increasing amount of system architecture and code.  Targetting both together, especially with things like Safari injection attacks will be increasingly possible, so targetting macOS becomes easier for hackers who are already targetting iOS.  Hackers are just like everyone else and will be lazy when they can.
    What's the point in attacking someone who doesn't have the answer and simply asks a sincere question? 
    Stop whining.  Your questions are never sincere, they're meandering wonderings.
    edited February 11 muthuk_vanalingamlolliver
  • Reply 12 of 15
    Another factor that has protected macOS in the past was its lack of popularity compared to Windows. Hackers can't be bothered with a small number of victims. For now, that factor remains intact.
    Are we really saying that hackers aren't interested in hacking into, say, a company that almost exclusively uses Macs to do everything and is currently the world's most valuable company?

    Burglars don't steal the money from the tills of 50 shops when they could steal the diamonds from one jewellery shop.
    muthuk_vanalingamlolliverjony0watto_cobra
  • Reply 13 of 15
    As an old timer, talking about secure operating systems today is laughable. Back in the 80s, Digital Equipment Corp of Maynard, MA created the VMS operating system that could run on a small four user730 VAX to the largest system they built. To my knowledge, it was never compromised. So the military went with with Windows, the least secure operating system ever created and has been a security nightmare ever since the first version.
    lolliverwatto_cobra
  • Reply 14 of 15
    Another factor that has protected macOS in the past was its lack of popularity compared to Windows. Hackers can't be bothered with a small number of victims. For now, that factor remains intact.

    Does anyone know if Spectre and Meltdown will affect M1? https://meltdownattack.com <--

    M1 isn't equal to ARM, but the ARM website itself says ARM may be affected: https://developer.arm.com/support/arm-security-updates <--

    I'm particularly curious about the Rowhammer attack.

    Apple should update this page to discuss M1 Macs: https://support.apple.com/en-us/HT208394
    Not to jump on the bandwagon, but the "security through obscurity" argument is weak and quite frankly just doesn't apply.  For starters, let's put market share aside for the moment.... Apple users in general (which includes Mac) are the most sought after targets.  Why?  Because they have money.  Apple's customers are considered premium customers as they have higher education and more discretionary income on average.  That's why advertisers target them the most.  Surely, malware targets them as well.  There have been many documented malware attempts on Apple's platforms.  Even the Mac alone is not some small platform that nobody's heard of or cares about. 

    Having said that, iOS alone has 1 billion active users and has matched the size of the Windows market.  Not only does MacOS share much of the same foundation as iOS but now that the hardware is the same, even more code is in common between these two market segments / platforms.

    Finally, the page you reference already addresses Apple's position on Spectre and Meltdown.  Clearly, Apple is very aware of these types of attacks. Why would you expect the M1 to be any different?  More specifically, why would you expect the M1 to be more vulnerable.  Apple has addressed these attacks already and have stated so.  Why pretend this is something new that Apple hasn't considered?
    Xedlolliver
  • Reply 15 of 15
    zimmiezimmie Posts: 500member
    Does anyone know if Spectre and Meltdown will affect M1? https://meltdownattack.com <--

    M1 isn't equal to ARM, but the ARM website itself says ARM may be affected: https://developer.arm.com/support/arm-security-updates <--

    I'm particularly curious about the Rowhammer attack.

    Apple should update this page to discuss M1 Macs: https://support.apple.com/en-us/HT208394
    Ignoring a big chunk of the post which has already been shown to be bogus.

    Spectre (CVE-2017-5753 and CVE-2017-5715) theoretically impacts any processor design which uses speculative execution (a technique used to speed up a single thread on a processor), but the negative security impact of speculative execution had been known for years beforehand. The exact vulnerabilities given the "Spectre" name require the ability to run code on the same core uninterrupted for a while to train the branch prediction, and that gets you a few bytes of target data. Then you have to start again to get a few more bytes. Bad for servers (especially servers where your adversary can buy the ability to run software, like AWS), but mostly a non-issue for personal machines.

    Meltdown (CVE-2017-5754) involves relying on out-of-order execution (again, a technique used on modern processors to improve thread performance). When you try to read a given memory location, some processor designs sometimes copy the memory into cache before they check whether you are allowed to read the data. This is more reliable, and takes much less time than training the branch predictor for Spectre, but it still requires the ability to already run arbitrary code on the system in question. Again, bad for servers, especially multi-tenant systems like AWS, but mostly not a problem for personal machines.

    Rowhammer is a physical property of dynamic RAM. With low-privilege code, you can potentially retrieve data from adjacent RAM locations to the locations you are using, but you have no control over where the system puts you, and no way to see actual memory addresses. And if you have control over the memory layout, you already have the ability to execute privileged code. This is almost entirely a non-issue for any machine, because exploiting it effectively requires having a level of access which makes exploiting it unnecessary.

    All of these are substantially overhyped. Don't run programs from sketchy sources, and they're basically non-issues.
    GG1lolliverrundhvidFidonet127randominternetpersonjony0hydrogenwatto_cobra
Sign In or Register to comment.