Meltdown and Spectre side-channel vulnerabilities threaten most computer microprocessors and operating systems—including portable devices, and potentially industrial control systems exposed to the Internet.

January 7, 2018

No Comments

The United States Computer Emergency Readiness Team (US-CERT) reports several CPU hardware implementations are vulnerable to side-channel attacks, being referred to as Meltdown and Spectre (also KAISER and KPTI).

As this is an actual hardware problem related to CPU architecture design, the only real solution is to replace affected CPU chips with corrected architectures. Estimates in the popular news are suggesting that as many as 1.5 billion computers are affected worldwide.

There has been discussion about the problem in the industry for several months, but only recently has the issue come to public attention.

Meanwhile, workarounds to mitigate the hardware issues are being created in operating system software and will be available as updates by the operating system (OS) providers in a short period of time.

The problem, if left uncorrected, can allow an attacker to execute code with user privileges, which can have various impacts, for example, reading otherwise protected kernel memory and bypassing KASLR (Kernel Address Space Layout Randomization).

According to Google’s Project Zero, CPU data cache timing can be abused to leak information out of “mis-speculated execution,” leading to (worst case) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.

Multiple CPUs and OS architectures are affected and include AMD, Apple, ARM, Google, Intel, Linux Kernel, Microsoft and Mozilla. Virtually no computer is unaffected (including tablets and phones), and this includes servers running any of these microprocessors and operating systems, and most likely industrial control platforms running on the same hardware/OS platforms. Some news sources are suggesting that chips dating back to 1995 are affected by the architectural design issue.

At this time US-CERT is unaware of any active exploitation, and will provide more information as it becomes available.

In terms of industrial control systems, best advice is to monitor the ICS-CERT Industrial Control Systems Cyber Emergency Response Team web page and vendors of programmable controllers, automation systems, distributed control systems and other microprocessor-based equipment that may be vulnerable by being exposed to the Internet.

Wayne Labs has more than 20 years of editorial experience in industrial automation. He served as senior technical editor for I&CS/Control Solutions magazine for 18 years where he covered software, control system hardware and sensors/transmitters. Labs ran his own consulting business and contributed feature articles to Electronic Design, Control, Control Design, Industrial Networking and Food Engineering magazines. Before joining Food Engineering, he served as a senior technical editor for Omega Engineering Inc. Labs also worked in wireless systems and served as a field engineer for GE’s Mobile Communications Division and as a systems engineer for Bucks County Emergency Services. In addition to writing technical feature articles, Wayne covers FE’s Engineering R&D section.

You must login or register in order to post a comment.

Improving Efficiency and Safety with High Performance Doors

The durability, reliability and safety of a door system is critical to reducing operational downtime and extending the life expectancy of the equipment. A high performance door can offer energy efficiency, cost savings and improved safety. Hörmann’s industry leading door control technologies, activation, and safety systems offer efficiency, safety and optimal performance in food, beverage and cold storage applications.

Perfecting the Production Process

Managing all phases of the production cycle is critical for making the best decisions for your business. As consumer demands fluctuate and upend production schedules, the end-to-end visibility into your supply chain to manage forecasting, production, BOM, and allergens is critical to drive operational efficiency and growth.

Poll

COVID Travel Restrictions

View Results

Poll Archive

Products

Packaging Research in Food Product Design and Development

Packaging Research in Food Product Design and Development is the first book to comprehensively address the issues of graphics design and visual concepts, from a systematic, scientific viewpoint, yet with business applications in mind.

See More Products

CPU security vulnerabilities pose broad-spectrum issues

Meltdown and Spectre side-channel vulnerabilities threaten most computer microprocessors and operating systems—including portable devices, and potentially industrial control systems exposed to the Internet.

Recent Articles by Wayne Labs

Inorganic arsenic in baby food: Getting to the “root” of the problem

AI, machine learning and cybersecurity

A novel way to clean wastewater streams

Gray partners with Clemens Food Group to increase sausage production

Going paperless at the machine builder provides quick response to food companies’ demands

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest food and beverage manufacturing markets.

CPU security vulnerabilities pose broad-spectrum issues

Meltdown and Spectre side-channel vulnerabilities threaten most computer microprocessors and operating systems—including portable devices, and potentially industrial control systems exposed to the Internet.

Recent Articles by Wayne Labs

Related Articles

Report Abusive Comment

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest food and beverage manufacturing markets.