Posted 1 year ago
This is obviously a problematic attack vector for a PC or smartphone (ARM processors are impacted, too, BTW), where the attack can hide in plain sight in an otherwise normal-seeming application, but it's less of a concern for a Flex, where the product security model should already be preventing access to the device to install software other than that which Flex approves of.
I actually can't see what CPU models the Flex-6000 family uses. Does anyone know?
Steve K9ZW, Elmer
Believe the radios internally use unaffected processors and a different system.
The Maestro and 6400M/6600M would have the processors and software systems that contain potential Meltdown & Spectre exploits, while being FRS configured to be very restrictive for exploitable software introduction by design in their embedded usage.
Would think the processors in a lot, if not most, "SmartSDR for Windows" and "SmartSDR for iOS" platforms are in the list of potentially exploitable hardware/software situations.
These exploits are very interesting, as one would imagine there are a lot - HUGE LOT - of potentially exploitable parts of the IoT. Will your car be affected, especially as many basically contain one or more cellphone-type setups on board? Or that pad being used as Flight Navigation by the pilot flying your charter plane?
73
Steve K9ZW
Steve - N5AC, VP Engineering / CTO
Today the FLEX-6000 Signature Series radios only run three types of software: the Linux kernel and associated file system, software designed by FlexRadio and finally the possibility exists for third parties to make waveform modules to implement additional modes. If you wanted to exploit a vulnerability in a radio, there are much easier ways than to craft a specific exploit for Meltdown or Spectre. But assuming that someone wanted to do this, the waveform module is, today, the only mechanism that a third party could exploit easily. So, as with all things, consider the source of any waveform module you decide to install. If it originates from a <name your favorite unstable regime> country and comes from a computer programmer that goes by the hacker alias d13rAd1O, you might want to pass on installing it.
These vulnerabilities are of concern because of two key exploit vectors: 1) At multi-customer computer centers (read cloud servers, web servers, database servers, etc) where a given machine is simultaneously running code from many parties, you might be concerned about access to sensitive corporate or customer data. 2) On a private individual or company computer, you might be concerned about installing software that could bypass some security protections you've enabled and gain access to data you would otherwise not allow. When you consider the risk of a vulnerability you should always consider the benefit to the individual perpetrating an attack. An attack on one of our radios has a low multiplicative effect (there are not 10,000,000 radios that you could systematically attack) and probably a low benefit (you can't steal valuable customer information, credit cards, financial records, etc. directly). Nothing is ever totally secure, including every IoT device or other radio you own, but I think the likelihood of an exploit that would cause our customers grief is low. We are continuing to consider and evaluate what we read, of course, but this is the thinking today.
For the technically minded, the primary processor we use is a Texas Instruments TMS320DM8168 which contains an ARM Cortex A-8 and a TI C674X DSP, each running at over 1GHz. The Cortex A-8 can be exploited with Variant 1 (CVE-2017-5753) and Variant 2 (CVE-2017-5715) but not Variant 3/3a (CVE-2017-5754). Both Variant 1 and 2 are susceptible to Spectre exploits whereas Variant 3 requires a Meltdown exploit.
To protect against Variant 1 would require us to recode any pointer references that instruct the compiler to avoid speculation in advance dereferencing of those pointers. This is a major undertaking and would protect you from a third party that happened to be running user mode code on your radio. It is also possible that the performance penalties would cause a reduction in available functionality of the radio (most companies implementing anti-Spectre code are reporting 30-50% performance hits). As mentioned before, this would only happen in the case of a waveform module as far as we've been able to determine. A much more likely exploit, in my mind, would be to use an open source ham radio digital mode program to gain control of your Windows PC and grab financial information there. It sure seems like a more lucrative and effective attack, but again limits the attack space because of the low numbers of ham radio operators. Nothing is impossible, but these new exploits seem like a lower payoff than other exploits that could be undertaken.
At this time, it appears that the Cortex A8's Variant 2 issue has no fix from ARM. The same thinking, however, applies as with variant 1. If this is something you are personally concerned about, just don't install waveform modules at all. As a result of the information we have today, we have no plans at this time to deploy code protections against Spectre, and Meltdown exploits are not possible on the processor we use.
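To illustrate the kind of Variant 1 (CVE-2017-5753) recoding the post above describes, here is an added example (not FlexRadio's code and not part of the original post) showing a bounds-checked table read before and after branchless index clamping. All function names and the table contents are hypothetical and constructed for the illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SIZE_BITS (sizeof(size_t) * CHAR_BIT)

/* All-ones when idx < size, zero otherwise, computed with arithmetic only,
 * so the result does not depend on a predicted branch.
 * Valid for size <= SIZE_MAX/2 + 1. */
static size_t index_mask(size_t idx, size_t size)
{
    size_t top = (idx | (size - 1 - idx)) >> (SIZE_BITS - 1);
    return (size_t)0 - (top ^ 1);
}

/* Before: architecturally correct, but if the bounds check is mispredicted
 * the load can execute speculatively with an out-of-range idx. */
static int read_unhardened(const uint8_t *tbl, size_t len, size_t idx, uint8_t *out)
{
    if (idx >= len) return -1;
    *out = tbl[idx];
    return 0;
}

/* After: the index is also clamped through a data dependency, so even a
 * speculative load can only touch tbl[0..len-1]. Inspect the generated
 * code: a compiler is allowed to turn the mask back into a branch. */
static int read_hardened(const uint8_t *tbl, size_t len, size_t idx, uint8_t *out)
{
    if (idx >= len) return -1;
    idx &= index_mask(idx, len);
    *out = tbl[idx];
    return 0;
}

/* Constructed sample table for the demonstration. */
static const uint8_t demo_tbl[4] = { 0x10, 0x11, 0x12, 0x13 };

static int demo_read(size_t idx)
{
    uint8_t v;
    return read_hardened(demo_tbl, sizeof demo_tbl, idx, &v) == 0 ? v : -1;
}

int main(void)
{
    uint8_t v = 0;
    printf("unhardened idx=2: rc=%d\n", read_unhardened(demo_tbl, 4, 2, &v));
    printf("hardened   idx=2: %d, idx=9: %d\n", demo_read(2), demo_read(9));
    return 0;
}
```

Every array access reachable with an attacker-influenced index needs this treatment individually, which is why the post calls the recoding a major undertaking.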
Peter K1PGV, Elmer
"If this is something you are personally concerned about, just don't install waveform modules at all."
This.
While I realize Steve has made the definitive comment on this already, I still wanted to follow-up.
Meltdown and Spectre don't have any practical implication for Flex radios themselves. In addition to the fact that you'd have to run unvetted 3rd party code on your radio that attempted to exploit these vulnerabilities (just don't do that), these are "information disclosure" vulnerabilities. You're not storing passwords or cryptographic keys on your radio... there just isn't much significant "information" on your radio that you have to be concerned about "disclosing."
Given that we therefore don't care about these vulnerabilities on the radio itself, we all certainly *do* care about these vulnerabilities on the Windows system that runs SmartSDR for your radio. My understanding is that updates for Windows to counteract at least part of these vulnerabilities are being pushed starting today. Yet another reason to never disable Windows updates, right?
These vulnerabilities are quite complex and subtle to exploit, and folks have been working on compensations for them for about six months. While the real-world impacts are currently difficult to assess, I'd recommend being sure you update the OS software (regardless of vendor) on any general purpose computer. Given the type of exploit, I am personally far less concerned about this threat on IoT devices.
I hope that's helpful,
Peter
K1PGV
From my reading, the most likely vulnerability the typical user would have would come from web sites that can run JavaScript attacks. If you get onto such a site, you're pretty much defenseless.
So update your OS as soon as you can. The Windows 10 update is supposed to go live in about 30 minutes! Alas, we will have to live with some performance hits.
73 Martin AA6E
Peter K1PGV, Elmer
I haven't done any actual measurements yet, but I bet you'll see more slowdown the smaller the I/O operations you perform. That is, if you read/write 1GB in 64K chunks, it'll be slower (as a percentage) than if you read/write 1GB in 1MB chunks.
Every time you switch into and out of the operating system (such as when you do a Create, Close, Read, or Write), you're going to pay a performance penalty. After Intel does their CPU firmware update (mentioned by Scott Russel, above) that penalty should be slightly smaller as well. But, I have to admit, I don't yet understand some of the "branch prediction poisoning/invalidation" mitigation code fully.
Peter
K1PGV
The simple response is that the flexradio does not run local user installed apps or have a common method to log into the radio. Like the Maestro, I hope it never allows third party apps. This kind of stuff is the reason why third party apps on a closed platform can be a bad thing.
Next, the radio is hard to detect in the first place as a Linux box. For it to be detected and possibly compromised, your local network and computer have to already have been penetrated. If that is the case you have other things to worry about.
The only thing that could happen to the Flex is if you leave it on and someone could play with it. Most of the people in the world who have any clue on how to abuse this are probably on this forum and are licensed hams in the first place, thus it is more likely a bad actor will use your computer to be in a botnet of some kind that play with your radio or sniff for passwords, and other interesting data.