What the M1 and Apple Silicon mean for Mac security
The M1 chip makes the Mac platform more secure in a number of ways, but it could also signal a change toward a locked-down version of macOS that could have its own security drawbacks.
Apple's M1 chip has a number of significant benefits in terms of efficiency, battery life, and overall performance, but one area that has been overlooked by comparison is how the Apple Silicon switch affects computer security in terms of protection against malware and malicious attacks.
AppleInsider spoke with security researchers Patrick Wardle and Rick Mark to get their takes on the security benefits of M1, some of the potential downsides, and what makes M1 unique among ARM-based chips.
Apple Silicon security benefits
Although there are some key differences, M1-equipped Macs provide a level of security that takes several steps closer to the iPhone and further away from Intel Macs. These security features fit broadly into a couple of categories, according to Wardle, who is a Mac security researcher and the creator of a suite of free Mac security tools.
The first category is exploit mitigation: mechanisms that can help protect against remote code execution or zero-day vulnerability exploits. This includes a hardware-level security mechanism called pointer authentication, which makes it much harder for an attacker to modify pointers in memory and provides a level of defense against buffer overflow exploits.
Many of these hardware-level benefits were immediately gained when Apple switched its desktops to ARM. Mark, a member of the team that developed the checkra1n exploit, said that Apple's work with pointer authentication provides security "that Intel cannot yet match."
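The sign-then-authenticate idea behind pointer authentication, as an added example that is not from the article, Apple, or the researchers quoted. It is a toy C model: the 48-bit address width, the 16-bit signature, the mix() function, the key, the context value and the sample addresses are all assumptions chosen for illustration, and real hardware uses a dedicated cipher with keys held in CPU registers.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy model of pointer authentication. Assumptions: 48-bit addresses, so
 * the top 16 bits can carry a signature; mix() is a simple stand-in for
 * the hardware cipher and is NOT cryptographically secure. */
#define ADDR_MASK 0x0000FFFFFFFFFFFFULL
/* Constructed key; real keys sit in CPU registers user space cannot read. */
static const uint64_t PAC_KEY = 0x9E3779B97F4A7C15ULL;

static uint64_t mix(uint64_t x) {
    x ^= x >> 33; x *= 0xFF51AFD7ED558CCDULL;
    x ^= x >> 33; x *= 0xC4CEB9FE1A85EC53ULL;
    return x ^ (x >> 33);
}

/* Signature = truncated keyed hash of (address, context). */
static uint16_t pac_compute(uint64_t addr, uint64_t context) {
    return (uint16_t)(mix(mix(addr ^ PAC_KEY) ^ context) >> 48);
}

/* Sign: place the signature in the unused upper bits of the pointer. */
uint64_t pac_sign(uint64_t ptr, uint64_t context) {
    uint64_t addr = ptr & ADDR_MASK;
    return addr | ((uint64_t)pac_compute(addr, context) << 48);
}

/* Authenticate: recompute and compare; 0 on mismatch (hardware would fault). */
int pac_auth(uint64_t signed_ptr, uint64_t context, uint64_t *out) {
    uint64_t addr = signed_ptr & ADDR_MASK;
    if ((uint16_t)(signed_ptr >> 48) != pac_compute(addr, context)) return 0;
    *out = addr;
    return 1;
}

/* Of the 65,536 possible signature values, how many authenticate for addr? */
int count_accepted(uint64_t addr, uint64_t context) {
    uint64_t out = 0; int n = 0;
    for (uint64_t sig = 0; sig <= 0xFFFF; sig++)
        n += pac_auth((addr & ADDR_MASK) | (sig << 48), context, &out);
    return n;
}

int main(void) {
    uint64_t ctx = 0x1234, out = 0, p = pac_sign(0x00007FFF12345678ULL, ctx);
    printf("intact: %d, signature bit flipped: %d\n",
           pac_auth(p, ctx, &out), pac_auth(p ^ (1ULL << 48), ctx, &out));
    printf("accepted signatures: %d of 65536\n", count_accepted(0x10002000ULL, ctx));
    return 0;
}
```

In this model an intact signed pointer authenticates, a pointer whose signature bits were altered is rejected, and exactly one of the 65,536 candidate signatures is accepted for any given address and context.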
The other category includes both operating system-level protections and defenses against attacks that would require physical access to a device.
For one, Mark pointed out that M1-equipped Macs are also no longer vulnerable to the checkm8 vulnerability that affected the T2. In fact, M1 Macs don't even have a T2 chip. Instead, the security functionality that the T2 supported is baked into the M1.
This category also includes two features mentioned specifically in Apple security documentation: system integrity and data protection.
System integrity allows for a hardware-level verification of the operating system during startup. It also continues to operate in the background to protect macOS authorizations as it runs. That shores up protections against sophisticated malware that could try to subvert macOS in a persistent manner.
"It really takes away another pretty insidious attack vector, or at least makes it a lot more difficult," Wardle said.
Additionally, the M1 chip allows third-party developers to use file-level encryption to protect user data without impacting system performance. In other words, third-party developers will be able to more easily encrypt user data for privacy and security. That's a capability that wasn't available in past Mac devices.
"I think [the M1] makes exploitation a lot more difficult, it makes certain kinds of persistence very difficult, and provides better security and privacy," Wardle said. "If you care dearly about security and privacy, the M1 is kind of a no-brainer in comparison to the older systems."
Many average users may not even notice these features, Mark added. A lot of this happens in the background, so Mac owners may only notice that some software needs to be updated because of the shift from external extensions (kext) to system extensions.
For those working in the security field, however, Mark said that the M1 could advance security research on the iPhone — even without access to a Security Research Device. That's because Apple has left an "escape hatch to run unsigned code" on the chip.
Potential downsides to M1
Despite the benefits and additional security features, there may be a few security drawbacks to the Apple Silicon chip. Some of those are present now, while others may manifest down the road.
Mark said the biggest issue with Apple Silicon currently is the lack of documentation. For example, on M1 Macs, certain Apple systems like iBoot, the Secure Enclave Processor, and processor extensions are not publicly documented.
"This means that external validation of the security components of a M1 based Mac are a lot harder to analyze and verify," Mark said.
Mark added that Apple hasn't always been forthcoming with hardware security flaws. He cited the checkm8 vulnerability as an example. Unlike Apple, Mark said that "Intel engaged with the community after disclosure" of Spectre and Meltdown.
One potential security issue with the shift to Apple Silicon may become problematic down the road. As Apple slowly makes macOS more iOS-like, the opaqueness of the operating system could complicate the jobs of security researchers and security tools.
Using iOS as an example, Wardle said there are benefits to being locked down. Out of the box, the iPhone is an incredibly secure device. But the iPhone's defense mechanisms make it hard to know whether a device has been compromised. On a Mac, savvy users can view a process list or otherwise poke around the system. That isn't the case on an iPhone.
"Even for me, as a security researcher, it's very difficult to answer the question 'Is my iPhone not hacked?'" Wardle said.
Advanced attackers, like government agencies, can take advantage of this. Wardle said that although the bar for security is being raised, "there's always going to be malware." Once that malware is on a locked-down device like an iPhone, it can be nearly impossible for the average user to know that they've been compromised.
"Once these adversaries have penetrated the very difficult exterior, they're going to remain undetected because users or security tools are basically handcuffed," Wardle said. "You kind of reach this interesting inflection point where the security of the system can be used against it."
A simple example is an exploit deployed over iMessage, which has happened in the past. Since iMessage is end-to-end encrypted, even Apple can't detect these attacks.
Although rare, iPhone exploits do exist. Because of the device's security mechanisms, they're a lot harder to detect and mitigate. If macOS becomes more locked down in terms of what users and researchers can do, the Mac could end up in a similar situation. Mac exploits could become just as rare, and in theory, just as invisible.
Wardle did say that the security benefits of M1 are going to be positive for the vast majority of Mac users. The ability to access security tools or mechanisms can even expand the "attack surface," making a device more vulnerable to attack. But locked-down systems do have those aforementioned problems.
"I don't really know what the answer is, but I think it's really important that we have this discussion," Wardle said.
Additionally, the M1 doesn't necessarily protect against users downloading a malicious application or a piece of malware bypassing app notarization. Nothing is hack-proof, so users will still need to practice discretion.
The future of M1 and ARM
The security benefits of the M1 are only small pieces of the Apple Silicon puzzle. Beyond security, the M1 represents a leap forward for Apple computers — and is likely heralding a broader shift to ARM-based chips in the laptop and desktop space. Microsoft, for example, is working on its own ARM-based hardware.
Compared to other ARM chips, Mark said that "Apple has been remarkable at implementing both the absolute latest version of the ARM spec and creating clever extensions. This is in part why you can't run ARM macOS on any other hardware, there's just no chips that are quite as advanced commonly available."
Wardle says that it's incredible what Apple managed to accomplish with the M1, both from a security point of view as well as features like performance, price point, and battery life.
"I think we'll look at the M1 chip and I think we'll see it as an event in Apple's history that is maybe as impactful as when they introduced the iPhone," Wardle said. "I think it's game-changing."