Anyone know if the massive CPU flaws (Meltdown & Spectre) are in our WiFi devices?

Massive chip flaw not limited to Intel

Intel is dealing with a major chip bug, but full impact unclear

How to protect your PC from the major Meltdown and Spectre CPU flaws

Mac and iPhone both affected by big chip vulnerability

How the Spectre CPU flaw affects phones and tablets

Google Project Zero: Reading privileged memory with a side-channel

Intel's full statement:

Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

Recent reports that these exploits are caused by a "bug" or a "flaw" and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices - with many different vendors' processors and operating systems - are susceptible to these exploits.

Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.

Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.

Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.

Reply to
Harry Newton

For example, my rooftop Ubiquiti Rocket M5 radio, running a variant of Linux, uses the MIPS 74kc processor.

Anyone know if that's affected?

Reply to
Harry Newton

Harry Newton asked:

Based on the same news reports you've probably seen...

These vulnerabilities only allow reading by unprivileged processes of what should be protected (and unreadable) kernel memory, which, in theory, might contain privileged information. However, the attacks require the attacker to run code on the machine in question.

That might, in theory, be done via a web browser if it runs code from a malicious web site, though I think doing that and getting anything useful would be hard. The case of cloud computing is a more likely attack platform, since a legitimate customer might be able to obtain information about other customers running on the same machine.

I don't see these being an issue for routers, regardless of what chip they use. To the extent routers even have a kernel, I don't think there's all that much privileged information in it, and if your router is already compromised enough that an attacker can run code on it at all, you've already lost. -WBE

Reply to
Winston

Thanks for that advice.

I've since found out the following from alt.os.linux ...

From

formatting link

| Superscalar core

Probably vulnerable to Spectre variant 1.

| 64-entry (4-way associative) jump register cache to predict target for | indirect jumps.

Probably vulnerable to Spectre variant 2.

Meltdown is harder to assess, that will require either actual experimentation or a manufacturer statement.

There is no reason to think single-threaded devices are unaffected.

Sort-of true; these issues won+IBk-t normally represent a directly exploitable vulnerability on such devices but they will undermine internal protections.

Reply to
Harry Newton
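
Added example, not part of any post in this thread: on a Linux-based device you can ask the kernel what it reports for each issue instead of inferring it from the core's feature list. The sysfs directory used here exists on Linux 4.15 and later and on stable kernels that received the backport; the function names are this example's own, and older embedded firmware that lacks the directory is reported as unknown.

```shell
#!/bin/sh
# Added example: summarize the kernel's own Meltdown/Spectre status report.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status <text> -> affected | mitigated | not_affected | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        Mitigation*)     echo mitigated ;;
        Vulnerable*)     echo affected ;;
        *)               echo unknown ;;
    esac
}

# check_issue <name> [dir] -> "<name>|<class>|<raw kernel text>"
check_issue() {
    name=$1
    dir=${2:-$VULN_DIR}
    if [ -r "$dir/$name" ]; then
        raw=$(head -n 1 "$dir/$name")
    else
        raw=""   # kernel too old to report: needs a vendor statement or testing
    fi
    echo "$name|$(classify_status "$raw")|${raw:-no kernel report}"
}

# report [dir] -> one line per issue; returns 1 if any is affected or unknown
report() {
    dir=${1:-$VULN_DIR}
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        line=$(check_issue "$issue" "$dir")
        echo "$line"
        case "$line" in
            *"|affected|"*|*"|unknown|"*) rc=1 ;;
        esac
    done
    return $rc
}

report || echo "at least one issue is unmitigated or unreported"
```
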

I don't know, yet.

With all the conflicting reports, pronouncements, opinions, and pontifications, it's going to be a while before we know for sure. Eventually, the testing will get down to the imbedded devices. Then, we can discuss whether your HVAC thermostat, smartphone, wireless keyboard, and smart coffee maker are affected.

It's been interesting watching Intel and friends change their tune overnight. At first, they tried to minimize the potential damage by claiming that only a few devices were affected. AMD and ARM also initially claimed their chips were immune. Most of that sounded like the PR (public relations) department, not engineering or management. A few days later, it seems that everything is affected in some manner and degree. Allegedly, the latest chips are ok, while older chips and blade servers will see a 30% performance hit. We'll see as testing continues.

What I find amusing is that Intel, Microsoft, and computah vendors can easily turn this mess into a huge sales effort. If the proposed fixes really do ruin performance, all they have to do is suggest that a shiny new machine, with the latest fixed CPU, is the only guarantee that you don't have any vague and unspecified vulnerabilities and problems. I suspect Microsoft will cooperate by making their patches and fixes produce minimal slowdowns for the latest OS released, and dramatic slowdowns in progressively older equipment. The various competitors will say nothing because they also stand to profit from the FUD (fear, uncertainty, doubt). I watched it happen in 1999 during the Y2K debacle, where huge amounts of equipment and upgrades were sold on the basis of not taking any unnecessary risks.

Also, it's not that there aren't any other products that have unfixed vulnerabilities:

Reply to
Jeff Liebermann

I would like to repeat Harry's point here.

Are you posting in UTF-7? I didn't see a charset header, and I don't know if I've ever seen UTF-7 "in the wild".

Elijah

------ just in staged examples

Reply to
Eli the Bearded

Javascript in browser attacks have been demonstrated.

formatting link

Specifically mentioning Edge, Firefox, Chrome, and Safari. That's most of the browser market.

This page has more details about javascript exploits:

formatting link

Elijah

------ Opera? I hardly know her.

Reply to
Eli the Bearded

I previously posted:

Eli the Bearded writes:

That was an interesting article, and it led to another interesting article, so thanks for the link. I saw Javascript exploits, but, based on the summary of the fixes Google recommended, they struck me more as plain old ordinary Javascript exploits, not ones specifically reliant on Spectre or Meltdown, though there may now be additional ways of taking advantage of the exploits. Maybe I misread...

The key new thing described there that differed from what I'd read before was that Spectre can not only access kernel memory (where maybe there's something interesting in the probed area, maybe not), but also data from other applications, including other parts of the same application (to violate sandboxing).

Unfortunately, that URL isn't working for me at the moment: no peer certificate or client certificate name. -WBE

Reply to
Winston

I get a Comodo cert for a Cloudflare server. It has about twenty to thirty SAN names, "not valid before" 26 Nov 2017 (which might or might not be issue date), and valid till 4 June 2018.

Elijah

------ viewed the cert in Firefox

Reply to
Eli the Bearded

Very good article on how Spectre and Meltdown actually work by the founder of Raspberry Pi, Eben Upton.

Reply to
Jeff Liebermann

Hi Jeff, That has to be the single most enlightening (easily understood!) article on the planet for this issue!

Thank you. Thank you. Thank you. Thank you.

Reply to
Harry Newton

Great description here:

formatting link

Paraphrased:

Meltdown melts security down between program and hardware. Spectre speculative execution tricks program access to app memory.

Lots of detail, papers, links for every operating system, etc.

Reply to
Harry Newton

Seconded. For the technically inclined, it also links to

formatting link

entitled "Project Zero: Reading privileged memory with a side-channel".

That one I'm still reading... -WBE

Reply to
Winston

Yep. Even I can understand it.

I had nothing to do with the article except that I found it with Google.

I get email from a former client asking if something I worked on 17 years ago might be vulnerable. Why me? Because everyone else on the design end of the project has either retired, disappeared, gone senile, or not kept up to date.

The whole mess reminds me of a local (name withheld) personality who built a very expensive house in the area. The house was the best that his money could buy. Unfortunately, a few years later, he discovered that the site preparation was badly done and the foundation was crumbling. Fixing the foundation was VERY expensive.

For your amusement, Intel and others are pushing 802.11ax: Everything you know is wrong and everything you own is obsolete. To keep up to date, all you need to do is blow about $400 for the latest greatest routers. In theory, it can work up to 3.5Gigabits/sec by simply monopolizing most of the 5GHz band: It also does seamless roaming, fast connect, predictive handoff, and cook your breakfast. I've heard this all before, but maybe they can make it all work together this time. The problem with previous incantations is that no sooner is a seamless roaming protocol published, that it is found not to work with a new, improved, and allegedly unrelated comm or mesh protocol usually published AFTER the seamless roaming protocol.

Reply to
Jeff Liebermann

On that note, I've been tinkering with the idea of replacing my Rocket M5 (which replaced my Rocket M2 which replaced my NanoBridge 2.4GHz which replaced my Bullet HP M2) with a Rocket "ac" radio in the Santa Cruz Mountains.

My local small-town WISP says that will improve my noise, which is kind of high at -88dBm (signal is good though, at about -60dBm) and hence improve my speeds.

Do you agree?

Reply to
Harry Newton

I previously posted:

Now that I've read the whole thing...

It reminds me of the concerns government agencies had about using any sort of time sharing operating system for classified material. NSA-provided mods to Solaris to produce Secure Solaris, for example, worried a lot about ways code on the trusted side might be able to signal a process on the untrusted side and thereby leak data. Made-up examples might be changing some device state or framebuffer pixel in some way that the unsecure process could detect, or varying the scheduling of a process, or the amount of memory in use, etc. The general idea has been around for decades -- a spy who goes for coffee every morning before work, but whose wristwatch is very accurately set, so that walking through the door at 09:00:00 means something different than at 09:00:10 to the guy across the street who also has a watch accurately set, but looks the same to anyone else.

The general idea was simply that getting a few bits at a time out was sufficient, and here, with Meltdown and Spectre, attackers not only can get data out, they don't even have to run anything on the secure side to do it. -WBE

Reply to
Winston
