Meltdown and Spectre processor flaws

Scott Russell - N1SER

Any word from Flex if the Meltdown and Spectre processor flaws affect their hardware or software? 

Wayne

From the explanation on the internet ALL related processors are affected that use ARM, Intel and one other one so if any of these processors are used in flex products then they are also affected. It is a chip manufacturing related issue when the chips are created at the various factories which has been discovered so all processors listed from the chip manufacturer will be affected. Just like a data breach there is no free pass.

Rhett Aultman

Of course, it's best for Flex to get out their own formal announcement, but seeing as I've been going through this with my own products, exposure to this really depends on what kinds of vectors for installing unwanted software on a Flex there are.  Meltdown and Spectre are both attacks that allows Program 1 to exploit hardware features that let it peek in on memory in the kernel or from Program 2.  So, a practical attack for a "close appliance" like Flex would be to install a program which then uses an attack based on Meltdown or Spectre to steal privileged information from the system.

This is obviously a problematic attack vector for a PC or smartphone (ARM processors are impacted, too, BTW), where the attack can hide in plain sight in an otherwise normal-seeming application, but it's less of a concern for a Flex, where the product security model should already be preventing access to the device to install software other than that which Flex approves of.

I actually can't see what CPU models the Flex-6000 family uses.  Does anyone know?

Steve K9ZW

Believe the radios internally use unaffected processors and a different system.

The Maestro and 6400M/6600M would have the processors and software systems that contain potential Meltdown & Spectre exploits, while being FRS configured to be very restrictive for exploitable software introduction by design in their embedded usage. 

Would think the processors in a lot, if not most, "SmartSDR for Windows" and "SmartSDR for iOS" platforms are in the list of potentially exploitable hardware/software situations.

These exploits are very interesting, as one would imagine there are a lot - HUGE LOT - of potentially exploitable parts of the IOT.  Will your car be affected, especially as many basically contain one or more cellphone-type setups on board?  Or that pad being used as Flight Navigation by the pilot flying your charter plan? 

73

Steve K9ZW

Steve-N5AC

We are still studying the vulnerabilities, and I'll comment later in this post what we know.  From a practical standpoint, what you really need to understand is how these might affect your radio operations.  To the best of our knowledge, FLEX series radios will be unaffected (FLEX-5000, 3000 and 1500) as well as the SDR-1000 which does not have a processor of any kind.  The processors in the earlier FLEX series are a lower-speed processor that is A) not likely to have the issues at all and never runs code other than FlexRadio code.  As for the FLEX-6000 Signature Series, all of these systems use a daVinci processor designed by Texas Instruments that contains an ARM processor (see text below on vulnerabilities).  Even though the core processor does have vulnerability exposure, what you need to consider, again from a practical standpoint, is how it would be exploited.  

Today the FLEX-6000 Signature Series radios only run three types of software: the Linux kernel and associated file system, software designed by FlexRadio and finally the possibility exists for third parties to make waveform modules to implement additional modes.  If you wanted to exploit a vulnerability in a radio, there are much easier ways than to craft a specific exploit than for Meltdown or Spectre.  But assuming that someone wanted to do this, the waveform module is, today, the only mechanism that a third party could exploit easily.  So, as with all things, consider the source of any waveform module you decide to install.  If it originates from a <name your favorite unstable regime> country and comes from a computer programmer that goes by the hacker alias d13rAd1O, you might want to pass on installing it.

These vulnerabilities are of concern because of two key exploit vectors: 1) At multi-customer computer centers (read cloud servers, web servers, database servers, etc) where a given machine is simultaneously running code from many parties, you might be concerned about access to sensitive corporate or customer data.  2) On a private individual or company computer, you might be concerned about installing software that could bypass some security protections you've enabled and gain access to data you would otherwise not allow.  When you consider the risk of a vulnerability you should always consider the benefit to the individual perpetrating an attack.  An attack on one of our radios has a low multiplicative effect (there are not 10,000,000 radios that you could systematically attack) and probably a low benefit (you can't steal valuable customer information, credit cards, financial records, etc. directly).  Nothing is ever totally secure, including every IoT device or other radio you own, but I think the likelihood of an exploit that would cause our customers grief is low.  We are continuing to consider and evaluate what we read, of course, but this is the thinking today.

For the technically minded, the primary processor we use is a Texas Instruments TMS320DM8168 which contains an ARM Cortex A-8 and a TI C674X DSP, each running at over 1GHz.  The Cortex A-8 can be exploited with Variant 1 (CVE-2017-5753) and Variant 2 (CVE-2017-5715) but not Variant 3/3a (CVE-2017-5754).  Both Variant 1 and 2 are susceptible to Spectre exploits where as Variant 3 requires a Meltdown exploit.

To protect against Variant 1 would require us to recode any pointer references that instruct the compiler to avoid speculation in advance dereferencing of those pointers.  This is a major undertaking and would protect you from a third party that happened to be running user mode code on your radio.  It is also possible that the performance penalties would cause a reduction in available functionality of the radio (most companies implementing anti-Spectre code are reporting 30-50% performance hits).  As mentioned before, this would only happen in the case of a waveform module as far as we've been able to determine.  A much more likely exploit, in my mind, would be to use an open source ham radio digital mode program to gain control of your Windows PC and grab financial information there.  It sure seems like a more lucrative and effective attack, but again limits the attack space because of the low numbers of ham radio operators.  Nothing is impossible, but these new exploits seem like a lower payoff than other exploits that could be undertaken.  

At this time, it appears that the Cortex A8's Variant 2 issue has no fix from ARM.  The same thinking, however, applies as with variant 1.  If this is something you are personally concerned about, just don't install waveform modules at all.  As a result of the information we have today, we have no plans at this time to deploy code protections against Spectre and Meltdown exploits are not possible on the processor we use.

Rhett Aultman

Thanks, Steve.  For what it's worth, I've been going through this with my own product today (which uses Cortex A9).

Steve-N5AC

Many of my friends are also.  I feel especially bad for the ones at data centers who MUST patch and consequently may need to buy more hardware to solve the performance reduction.

Rhett Aultman

IOT does make it worse.  The really good news is a lot of common IOT processors weren't impacted today.  Aside from that, this particular attack is for uncovering privileged information, which is to say for many IOT things it only becomes an easy attack if you have another attack to get in in the first place.  Far more unnerving to me was the Blueborne exploit from earlier this year, which can give root access to a number of devices through the Bluetooth pairing system.

Peter K1PGV

 If this is something you are personally concerned about, just don't install waveform modules at all.  

This.

While I realize Steve has made the definitive comment on this already, I still wanted to follow-up.

Meltdown and Spectre don't have any practical implication for Flex radios themselves. In addition to the fact that you'd have to run unvetted 3rd party code on your radio that attempted to exploit these vulnerabilities (just don't do that), these are "information disclosure" vulnerabilities. You're not storing password or cryptographic keys on your radio... there just isn't much significant "information" on your radio that you have to be concerned about "disclosing."

Given that we therefore don't care about these vulnerabilities on the radio itself, we all certainly *do* care about these vulnerabilities on the Windows system that runs SmartSDR for your radio. My understanding is that updates for Windows to counteract at least part of these vulnerabilities are being pushed starting today. Yet another reason to never disable Windows updates, right?

These vulnerabilities are quite complex and subtle to exploit, and folks have been working on compensations for them for about six months. While the real-world impacts are currently difficult to assess, I'd recommend being sure you update the OS software (regardless of vendor) on any general purpose computer.  Given the type of exploit, I am personally far less concerned about this thread on IoT devices.

I hope that's helpful,

Peter
K1PGV
 

Scott Russell - N1SER

Thanks Steve for the details reply and yes... I'm in the later in that I work in a large IT organization on the Windows server side... it's been a fun day and I'm sure many more to come. As for Flex and the processor flaw, it was the performance hit that initially concerned me.

Scott Russell - N1SER

Yes, very good info Peter. Also, this is a hardware flaw as well and expect possible firmware updates to your computer systems as well as software is only have the fix.

Martin AA6E

Steve has gone well beyond the call of duty with this info, but I appreciate that.

From my reading, the most likely vulnerability the typical user would have would come from web sites that can run JavaScript attacks.  If you get onto such a site, you're pretty much defenseless.

So update your OS as soon as you can.  The Windows 10 update is supposed to go live in about 30 minutes! Alas, we will have to live with some performance hits.

73 Martin AA6E

Michael Coslo

Hope this update goes better than the last one. My new laptop became destabilized and the update didn't install properly. The cure as dictated by Microsoft was to disable the firewall and virus checker and try downloading and updating again. 8 hours of the laptop sitting **** on the internet. Yikes!

Tim - W4TME

You don't use a border firewall at your Internet ingress point?

Rick W7YP

Spot on, Steve!  Apparently AMD's processors aren't vulnerable to Meltdown but are to Spectre.  There may be an AMD Ryzen-based PC in my future.

Rick W7YP

My Windows 10 PC just did the update.  The biggest hit I've seen so far is on SSD 4K reads.  Almost a 25% performance hit.  I'll have to run some other benchmarks when I get the time in order to get a broader assessment.

Mark K1LSB

Same here, on SSD 4K reads I'm seeing a tad over 25% performance hit.

Jd Dupuy

I wish I had not read Steve's whole explanation. Now I realize how dumb I am when it comes to what is inside the magic black box that brings so much joy. Building houses is easier as long as you get Part A and B joined together correctly. Lol

Martin AA6E

I see ~50% slowdown on SSD reads, but my SSD is blinding fast even so.  Running Passmark, I see an overall change under 1%.  This is on a  i5-7260U CPU @ 2.20GHz (a NUC).  Older CPUs are supposed to have worse results.

Rick W7YP

Mine is an i7-5930K @ 3.5 GHz.  Being a Haswell CPU, it's supposed to be less affected than some others.  I'll see if the other benchmarks back that up.

Ross - K9COX

With all due respect Flex radios are not exactly a priority for the evildoers.

Peter K1PGV

The larger number of transitions that there are between user-mode and kernel-mode, the more impact you'll see.  So, while disk I/O speed itself is not affected, the overhead of processing disk I/Os will be.

I haven't done any actual measurements yet, but I bet you'll see more slowdown the smaller the I/O operations you perform.  That is, if you read/write 1GB in 64K chunks, it'll be slower (as a percentage) than if you read/write 1GB in 1MB chunks.

Every time you switch in to and out of the operating system (such as when you do a Create, Close, Read, or Write), you're going to pay a performance penalty.  After Intel does their CPU firmware update (mentioned by Scott Russel, above) that penalty should be slightly smaller as well.  But, I have to admit, I don't yet understand some of the "branch prediction poisoning/invalidation" mitigation code fully.

Peter
K1PGV

David H Hickman

That was a great response.  I have been answer some form of that question all week for clients actually affected by the issue.

The simple response is that the flexradio does not run local user installed apps or have a common method to log into the radio. Like the Maestro, I hope it never allows third party apps. This kind of stuff is the reason why third party apps on a closed platform can be a bad thing.

Next the radio is hard to detect in the first place as a Linux box. For it to be detected and possibly compromised, your local network and computer has to already have been penetrated. If that is the case you have other things to worry about.

The only thing that could happen to the Flex is if you leave it on and someone could play with it. Most of the people in the world who have any clue on how to abuse this are probably on this forum and are licensed hams in the first place, thus it is more likely a bad actor will use your computer to be in a botnet of some kind that play with your radio or sniff for passwords, and other interesting data.