Researchers crack Arm's memory safety mechanism, achieve 95% bypass rate

zohaibahd

In a nutshell: Arm introduced a hardware security feature called the Memory Tagging Extension (MTE) in 2018, aimed at detecting memory safety violations and hardening devices against attacks that exploit memory corruption bugs. It is part of the Armv8.5-A architecture and later versions. However, recent research suggests MTE may not live up to its security promises.

MTE works by tagging each 16-byte granule of memory with a 4-bit allocation tag, stored as metadata alongside the data. A pointer carries its own 4-bit tag in otherwise unused upper address bits, and on every load or store the hardware compares the pointer's tag with the tag of the granule being accessed. A mismatch raises a tag check fault, potentially catching exploits that try to reach memory the pointer was never meant to access.

The technology has been touted as a defense against common C/C++ memory corruption bugs, such as buffer overflows and use-after-free errors, which attackers use to take control of a system or its data. Arm hoped MTE would help developers catch these bugs during testing and stop attacks at runtime.

However, researchers from Seoul National University, Samsung, and Georgia Tech have now demonstrated that MTE's tags can be leaked with around 95 percent success in under four seconds using speculative execution, which lets an attacker bypass the protection.

Their paper, "TikTag: Breaking Arm's Memory Tagging Extension with Speculative Execution," describes two gadgets, dubbed TIKTAG-v1 and TIKTAG-v2, that extract the MTE tag for an arbitrary memory address by observing how speculative operations whose tag check fails alter the CPU's data prefetching, a difference that can be measured through a cache timing side channel.

Speculative execution is a CPU optimization in which the processor runs instructions ahead of time, before it knows whether they are needed, and discards the architectural results if they are not. The discarded work still leaves traces in microarchitectural state such as the caches, and those traces can be measured as timing differences that leak information.

Using proof-of-concept code on a Google Pixel 8, the researchers extracted MTE tags from Chrome on Android and from the Linux kernel with over 95 percent success in under four seconds.

It's important to note that a leaked tag does not by itself enable exploitation: no sensitive data such as passwords or encryption keys is exposed, and the attacker still needs a memory corruption bug. What the leak removes is MTE's probabilistic protection. With only 16 possible tag values, an attacker who guesses wrong triggers a tag check fault that typically crashes the target, but an attacker who knows the tag can give a corrupting pointer the matching tag and pass the check, rendering MTE far less effective against sophisticated attacks.
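To make concrete both the tag check described above and what a leaked tag buys an attacker, here is a small C model of MTE added for this article. It is neither Arm's hardware implementation nor the TikTag authors' code: the granule and tag layout constants, the bump allocator, the demo functions, and the direct read of `alloc_tags[]` that stands in for the speculative leak are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of MTE tag checking, constructed for this example (neither Arm's
 * hardware nor the TikTag authors' code). Memory is split into 16-byte granules
 * with a 4-bit allocation tag each; a pointer carries a 4-bit tag in bits 56..59
 * and every access compares the two. Hardware raises a tag check fault on a
 * mismatch; here mte_access() returns -1 instead. */
#define GRANULE   16
#define MEM_SIZE  4096
#define NGRANULES (MEM_SIZE / GRANULE)
#define TAG_SHIFT 56
#define TAG_MASK  0xFULL

static uint8_t mem[MEM_SIZE];          /* the data */
static uint8_t alloc_tags[NGRANULES];  /* one allocation tag per granule */
static size_t  heap_top = GRANULE;     /* granule 0 stays untagged as a guard */

/* "Addresses" in this model are byte offsets into mem[]. */
static uint64_t ptr_tag(uint64_t p)  { return (p >> TAG_SHIFT) & TAG_MASK; }
static uint64_t ptr_addr(uint64_t p) { return p & ((1ULL << TAG_SHIFT) - 1); }
static uint64_t set_ptr_tag(uint64_t p, uint64_t tag) {
    return ptr_addr(p) | ((tag & TAG_MASK) << TAG_SHIFT);
}
/* The hardware check plus the access itself: every granule touched by
 * [p, p+len) must carry the pointer's tag. 0 = pass, -1 = tag check fault. */
static int mte_access(uint64_t p, void *buf, size_t len, int is_store) {
    uint64_t a = ptr_addr(p);
    if (len == 0 || a + len > MEM_SIZE) return -1;
    for (uint64_t g = a / GRANULE; g <= (a + len - 1) / GRANULE; g++)
        if (alloc_tags[g] != ptr_tag(p)) return -1;
    if (is_store) memcpy(&mem[a], buf, len); else memcpy(buf, &mem[a], len);
    return 0;
}
#define mte_load(p, buf, len)  mte_access((p), (buf), (len), 0)
#define mte_store(p, buf, len) mte_access((p), (buf), (len), 1)

/* Random nonzero tag that differs from both neighbours, so adjacent blocks
 * (and a freed block's stale pointer) never share a tag. */
static uint8_t pick_tag(uint8_t avoid1, uint8_t avoid2) {
    uint8_t t;
    do { t = (uint8_t)(rand() & 0xF); } while (t == 0 || t == avoid1 || t == avoid2);
    return t;
}
/* Minimal MTE-aware bump allocator: tag the granules, return a tagged pointer. */
static uint64_t mte_malloc(size_t size) {
    size_t rounded = (size + GRANULE - 1) & ~(size_t)(GRANULE - 1);
    if (rounded == 0 || heap_top + rounded > MEM_SIZE) return 0;
    size_t first = heap_top / GRANULE, last = (heap_top + rounded) / GRANULE - 1;
    uint8_t next = (last + 1 < NGRANULES) ? alloc_tags[last + 1] : 0;
    uint8_t tag = pick_tag(alloc_tags[first - 1], next);
    for (size_t g = first; g <= last; g++) alloc_tags[g] = tag;
    uint64_t p = set_ptr_tag(heap_top, tag);
    heap_top += rounded;
    return p;
}
/* free() retags the block, so any dangling pointer stops matching. */
static void mte_free(uint64_t p, size_t size) {
    size_t rounded = (size + GRANULE - 1) & ~(size_t)(GRANULE - 1);
    size_t first = ptr_addr(p) / GRANULE, last = (ptr_addr(p) + rounded) / GRANULE - 1;
    uint8_t tag = pick_tag((uint8_t)ptr_tag(p), 0);
    for (size_t g = first; g <= last; g++) alloc_tags[g] = tag;
}

/* Linear overflow: byte 17 lands in the neighbour's granule, whose tag
 * differs, so the store faults. Returns 1 if MTE caught it. */
int demo_overflow_caught(void) {
    uint64_t a = mte_malloc(16), b = mte_malloc(16);
    uint8_t buf[17]; memset(buf, 'A', sizeof buf);
    return b != 0 && mte_store(a, buf, 16) == 0 && mte_store(a, buf, 17) == -1;
}
/* Without a leak, an attacker holding a dangling pointer must guess the 4-bit
 * tag: exactly one of the 16 values passes and the other 15 fault (in
 * synchronous mode that kills the process). Returns how many of the 16 pass. */
int count_tags_that_pass(uint64_t p) {
    int hits = 0; uint8_t byte;
    for (uint64_t t = 0; t < 16; t++)
        if (mte_load(set_ptr_tag(p, t), &byte, 1) == 0) hits++;
    return hits;
}
/* Use-after-free with and without a tag leak: the dangling pointer faults,
 * but once the current tag is known (TikTag recovers it via speculation; the
 * direct read of alloc_tags[] below is a stand-in for that leak) the attacker
 * rewrites the pointer's tag and the same write passes the check. */
int demo_leaked_tag_bypasses(void) {
    uint64_t p = mte_malloc(32); uint32_t v = 0xdeadbeef;
    mte_free(p, 32);
    uint8_t leaked = alloc_tags[ptr_addr(p) / GRANULE];   /* stand-in for TikTag */
    return mte_load(p, &v, sizeof v) == -1 && mte_store(set_ptr_tag(p, leaked), &v, sizeof v) == 0;
}

int main(void) {
    srand(1);
    printf("overflow caught: %d\nblind guesses that pass: %d of 16\nleaked tag bypasses: %d\n",
           demo_overflow_caught(), count_tags_that_pass(mte_malloc(16)), demo_leaked_tag_bypasses());
    return 0;
}
```

The model compiles with any C11 compiler and needs no MTE hardware. On a real Armv8.5-A core the same roles are played by the `irg`/`stg`/`ldg` instructions (generate, store and load tags) and by the top byte of the pointer, and a mismatch surfaces on Linux as a `SIGSEGV` with code `SEGV_MTESERR` (synchronous mode) or `SEGV_MTEAERR` (asynchronous mode). The last two functions are the point of the article: a blind guess passes one time in sixteen and crashes the target otherwise, while a leaked tag turns the same use-after-free into a clean write.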

In the paper, the researchers propose several mitigations: hardware changes so that a speculatively executed access whose tag check fails cannot alter cache state, speculation barrier instructions, padding instructions, and stronger sandboxing to restrict speculative accesses.

These findings were disclosed to Arm, which acknowledged the issue but did not consider it to undermine MTE's intended guarantees.

Google's Chrome team declined to address the issue, arguing that Chrome's V8 engine is not designed to guarantee the confidentiality of MTE tags. The Android Security team, however, confirmed the issue, awarded a bug bounty, and addressed it in the Pixel 8 series.

Everything is free and accessible in the virtual world already. If not through service agreements, then through backdoors carefully planted everywhere.