Meltdown and Spectre processor flaws

From the explanation on the internet ALL related processors are affected that use ARM, Intel and one other one so if any of these processors are used in flex products then they are also affected. It is a chip manufacturing related issue when the chips are created at the various factories which has been discovered so all processors listed from the chip manufacturer will be affected. Just like a data breach there is no free pass.

Of course, it's best for Flex to get out their own formal announcement, but seeing as I've been going through this with my own products, exposure to this really depends on what kinds of vectors for installing unwanted software on a Flex there are.  Meltdown and Spectre are both attacks that allows Program 1 to exploit hardware features that let it peek in on memory in the kernel or from Program 2.  So, a practical attack for a "close appliance" like Flex would be to install a program which then uses an attack based on Meltdown or Spectre to steal privileged information from the system.

This is obviously a problematic attack vector for a PC or smartphone (ARM processors are impacted, too, BTW), where the attack can hide in plain sight in an otherwise normal-seeming application, but it's less of a concern for a Flex, where the product security model should already be preventing access to the device to install software other than that which Flex approves of.

I actually can't see what CPU models the Flex-6000 family uses.  Does anyone know?

We are still studying the vulnerabilities, and I'll comment later in this post what we know.  From a practical standpoint, what you really need to understand is how these might affect your radio operations.  To the best of our knowledge, FLEX series radios will be unaffected (FLEX-5000, 3000 and 1500) as well as the SDR-1000 which does not have a processor of any kind.  The processors in the earlier FLEX series are a lower-speed processor that is A) not likely to have the issues at all and B) never runs code other than FlexRadio code.  As for the FLEX-6000 Signature Series, all of these systems use a daVinci processor designed by Texas Instruments that contains an ARM processor (see text below on vulnerabilities).  Even though the core processor does have vulnerability exposure, what you need to consider, again from a practical standpoint, is how it would be exploited.  

Today the FLEX-6000 Signature Series radios only run three types of software: the Linux kernel and associated file system, software designed by FlexRadio and finally the possibility exists for third parties to make waveform modules to implement additional modes.  If you wanted to exploit a vulnerability in a radio, there are much easier ways than to craft a specific exploit than for Meltdown or Spectre.  But assuming that someone wanted to do this, the waveform module is, today, the only mechanism that a third party could exploit easily.  So, as with all things, consider the source of any waveform module you decide to install.  If it originates from a <name your favorite unstable regime> country and comes from a computer programmer that goes by the hacker alias d13rAd1O, you might want to pass on installing it.

These vulnerabilities are of concern because of two key exploit vectors: 1) At multi-customer computer centers (read cloud servers, web servers, database servers, etc) where a given machine is simultaneously running code from many parties, you might be concerned about access to sensitive corporate or customer data.  2) On a private individual or company computer, you might be concerned about installing software that could bypass some security protections you've enabled and gain access to data you would otherwise not allow.  When you consider the risk of a vulnerability you should always consider the benefit to the individual perpetrating an attack.  An attack on one of our radios has a low multiplicative effect (there are not 10,000,000 radios that you could systematically attack) and probably a low benefit (you can't steal valuable customer information, credit cards, financial records, etc. directly).  Nothing is ever totally secure, including every IoT device or other radio you own, but I think the likelihood of an exploit that would cause our customers grief is low.  We are continuing to consider and evaluate what we read, of course, but this is the thinking today.

For the technically minded, the primary processor we use is a Texas Instruments TMS320DM8168 which contains an ARM Cortex A-8 and a TI C674X DSP, each running at over 1GHz.  The Cortex A-8 can be exploited with Variant 1 (CVE-2017-5753) and Variant 2 (CVE-2017-5715) but not Variant 3/3a (CVE-2017-5754).  Both Variant 1 and 2 are susceptible to Spectre exploits where as Variant 3 requires a Meltdown exploit.

To protect against Variant 1 would require us to recode any pointer references that instruct the compiler to avoid speculation in advance dereferencing of those pointers.  This is a major undertaking and would protect you from a third party that happened to be running user mode code on your radio.  It is also possible that the performance penalties would cause a reduction in available functionality of the radio (most companies implementing anti-Spectre code are reporting 30-50% performance hits).  As mentioned before, this would only happen in the case of a waveform module as far as we've been able to determine.  A much more likely exploit, in my mind, would be to use an open source ham radio digital mode program to gain control of your Windows PC and grab financial information there.  It sure seems like a more lucrative and effective attack, but again limits the attack space because of the low numbers of ham radio operators.  Nothing is impossible, but these new exploits seem like a lower payoff than other exploits that could be undertaken.  

At this time, it appears that the Cortex A8's Variant 2 issue has no fix from ARM.  The same thinking, however, applies as with variant 1.  If this is something you are personally concerned about, just don't install waveform modules at all.  As a result of the information we have today, we have no plans at this time to deploy code protections against Spectre and Meltdown exploits are not possible on the processor we use.

 If this is something you are personally concerned about, just don't install waveform modules at all.  

This.

While I realize Steve has made the definitive comment on this already, I still wanted to follow-up.

Meltdown and Spectre don't have any practical implication for Flex radios themselves. In addition to the fact that you'd have to run unvetted 3rd party code on your radio that attempted to exploit these vulnerabilities (just don't do that), these are "information disclosure" vulnerabilities. You're not storing password or cryptographic keys on your radio... there just isn't much significant "information" on your radio that you have to be concerned about "disclosing."

Given that we therefore don't care about these vulnerabilities on the radio itself, we all certainly *do* care about these vulnerabilities on the Windows system that runs SmartSDR for your radio. My understanding is that updates for Windows to counteract at least part of these vulnerabilities are being pushed starting today. Yet another reason to never disable Windows updates, right?

These vulnerabilities are quite complex and subtle to exploit, and folks have been working on compensations for them for about six months. While the real-world impacts are currently difficult to assess, I'd recommend being sure you update the OS software (regardless of vendor) on any general purpose computer.  Given the type of exploit, I am personally far less concerned about this thread on IoT devices.

I hope that's helpful,

Peter
K1PGV
 

Steve has gone well beyond the call of duty with this info, but I appreciate that.

From my reading, the most likely vulnerability the typical user would have would come from web sites that can run JavaScript attacks.  If you get onto such a site, you're pretty much defenseless.

So update your OS as soon as you can.  The Windows 10 update is supposed to go live in about 30 minutes! Alas, we will have to live with some performance hits.

73 Martin AA6E

With all due respect Flex radios are not exactly a priority for the evildoers.

That was a great response.  I have been answer some form of that question all week for clients actually affected by the issue.

The simple response is that the flexradio does not run local user installed apps or have a common method to log into the radio. Like the Maestro, I hope it never allows third party apps. This kind of stuff is the reason why third party apps on a closed platform can be a bad thing.

Next the radio is hard to detect in the first place as a Linux box. For it to be detected and possibly compromised, your local network and computer has to already have been penetrated. If that is the case you have other things to worry about.

The only thing that could happen to the Flex is if you leave it on and someone could play with it. Most of the people in the world who have any clue on how to abuse this are probably on this forum and are licensed hams in the first place, thus it is more likely a bad actor will use your computer to be in a botnet of some kind that play with your radio or sniff for passwords, and other interesting data.