June 17, 2024 By Bill Toulas
A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature.
The paper, co-signed by a team of Korean researchers from Samsung, Seoul National University, and the Georgia Institute of Technology, demonstrates the attack against Google Chrome and the Linux kernel.
MTE is a feature added in the ARM v8.5-A architecture (and later), designed to detect and prevent memory corruption.
The system uses low-overhead tagging, assigning 4-bit tags to 16-byte memory chunks, to protect against memory corruption attacks by ensuring that the tag in the pointer matches the accessed memory region.
MTE has three operational modes: synchronous, asynchronous, and asymmetric, balancing security and performance.
The researchers found that by using two gadgets (code), namely TIKTAG-v1 and TIKTAG-v2, they can exploit speculative execution to leak MTE memory tags with a high success ratio and in a short time.
