Apple’s M1 chip contains a security flaw that cannot be fixed without a new revision of the silicon, according to developer Hector Martin of the Asahi Linux project.
The “covert channel flaw” lets two cooperating malicious processes exchange data through the CPU itself, but it gives an attacker no way in on its own: unless your system has already been compromised by malware or other exploits, “covert channels are completely useless,” writes Martin in a blog post first reported by Ars Technica. It is a covert channel, not a side channel, so it cannot be used to read data out of a process that is not deliberately taking part.
Martin goes on to say that this flaw “violates the OS security model” and that “you’re not supposed to be able to send data from one process to another secretly. And even if harmless in this case, you’re not supposed to be able to write to random CPU system registers from userspace either.”
Ars Technica reports that the channel needs no operating system facility at all: no shared memory, sockets, files or any other normal inter-process mechanism. The two processes can talk even when they run as different users and at different privilege levels, which is exactly what the OS security model is supposed to prevent.
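To make the mechanism concrete, here is an added example (not Martin’s proof-of-concept and not code from the original article) of how two processes can push bytes through a register that exposes only two user-writable bits. On the M1 the register Martin identified is the implementation-defined system register s3_5_c15_c10_1, reachable with plain mrs/msr instructions from unprivileged code; this example replaces it with a simulated global (`shared_reg`), and the scheduler loop, the clock/data bit assignment and the `sender_period`/`receiver_period` parameters are all this example’s own design, not anything from the page. The sender publishes one payload bit per write and toggles the clock bit in the same write, so the receiver only needs to poll and sample on each clock edge. The second helper shows the channel’s failure mode: a receiver that polls at half the sender’s rate sees the clock return to the same value on every poll and receives nothing.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simulated stand-in for a CPU register shared by every process on the
 * core cluster. Only the low two bits are modelled as user-accessible,
 * mirroring the two EL0-writable bits in the real register. */
static volatile uint32_t shared_reg;

static void     reg_write(uint32_t v) { shared_reg = v & 0x3u; }
static uint32_t reg_read(void)        { return shared_reg & 0x3u; }

#define CLK_BIT 0x1u  /* bit 0: toggled once per transmitted bit */
#define DAT_BIT 0x2u  /* bit 1: the payload bit being sent */

typedef struct {
    const uint8_t *msg; size_t len;
    size_t byte_idx; int bit_idx;   /* bit_idx counts 7..0, MSB first */
    uint32_t clk;
} sender_t;

typedef struct {
    uint8_t *out; size_t cap; size_t got;
    uint32_t last_clk; uint8_t acc; int nbits;
} receiver_t;

/* One sender step: publish the next bit and a clock edge in a single
 * register write, so the receiver can never see data without its edge. */
static int sender_step(sender_t *s) {
    if (s->byte_idx >= s->len) return 0;             /* message finished */
    uint32_t bit = (s->msg[s->byte_idx] >> s->bit_idx) & 1u;
    s->clk ^= CLK_BIT;
    reg_write(s->clk | (bit ? DAT_BIT : 0));
    if (--s->bit_idx < 0) { s->bit_idx = 7; s->byte_idx++; }
    return 1;
}

/* One receiver step: poll the register and sample the data bit whenever
 * the clock bit differs from the last value seen. */
static void receiver_step(receiver_t *r) {
    uint32_t v = reg_read();
    if ((v & CLK_BIT) == r->last_clk) return;        /* no new bit yet */
    r->last_clk = v & CLK_BIT;
    r->acc = (uint8_t)((r->acc << 1) | ((v & DAT_BIT) ? 1u : 0u));
    if (++r->nbits == 8) {
        if (r->got < r->cap) r->out[r->got++] = r->acc;
        r->acc = 0; r->nbits = 0;
    }
}

/* Interleave sender and receiver on a tick counter. Each side runs one
 * step every sender_period / receiver_period ticks; the receiver always
 * polls before the sender writes within a tick. Returns bytes received. */
size_t covert_transfer(const uint8_t *msg, size_t len, uint8_t *out, size_t cap,
                       unsigned sender_period, unsigned receiver_period) {
    if (!sender_period || !receiver_period) return 0;
    reg_write(0);
    sender_t   s = { msg, len, 0, 7, 0 };
    receiver_t r = { out, cap, 0, 0, 0, 0 };
    unsigned long tick = 0, drain = 0;
    int done = 0;
    for (;;) {
        if (tick % receiver_period == 0) receiver_step(&r);
        if (!done && tick % sender_period == 0 && !sender_step(&s)) done = 1;
        if (done && ++drain > receiver_period) break; /* final poll after last write */
        tick++;
    }
    return r.got;
}

static const uint8_t demo_msg[] = "M1RACLES";   /* constructed sample payload */

/* Receiver polls every tick, sender writes every 3rd tick: full round trip. */
int demo_roundtrip_ok(void) {
    uint8_t out[16] = {0};
    size_t n = covert_transfer(demo_msg, 8, out, sizeof out, 3, 1);
    return n == 8 && memcmp(out, demo_msg, 8) == 0;
}

/* Sender writes every tick, receiver polls every 2nd tick: the clock bit
 * has toggled twice between polls, so no edge is ever observed. */
size_t demo_aliased_receiver_bytes(void) {
    uint8_t out[16] = {0};
    return covert_transfer(demo_msg, 8, out, sizeof out, 1, 2);
}

int main(void) {
    printf("round trip ok: %d\n", demo_roundtrip_ok());
    printf("bytes received by aliased receiver: %zu\n", demo_aliased_receiver_bytes());
    return 0;
}
```

The point a defender should take from the simulation is why the OS cannot close this by policy: no file, socket or mapping is ever created, so there is nothing for sandbox or MAC rules to deny, and the only observable is a pair of bits in a register the kernel is not involved in reading.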
Martin says the problem would be far more significant on iPhones if they used the M1 chip, because it would let apps record your keystrokes and leak them over the covert channel. Normally a third-party keyboard on iOS has no internet access and so cannot transmit what you type; with this flaw, a malicious keyboard could hand the keystrokes to a second malicious app that does have network access.
The same trick could theoretically let two apps share tracking identifiers behind the back of the App Tracking Transparency controls introduced in iOS 14.5.
Because the flaw is in the silicon, it cannot be patched in software, and Martin says the only real fix is a new chip revision. Apple tracks the issue as CVE-2021-30747. That said, the next generation of the M1 chip will likely include a fix for the problem.