Security vulnerabilities in computer hardware

2018-08-26

in Geek stuff, Internet matters, Security

Why is trustworthy computer security impossible for ordinary users? In part because the system has multiple levels at which failure can occur, from hardware to operating systems and software.

Spectre and Meltdown show that no matter how careful you are about the operating sytem and software you run you can still be attacked using the underlying hardware. Another bug included at least in some VIA C3 x86 processors has similar ramifications.

These kinds of problems will be much worst with the “Internet of Things”, since bugs like Heartbleed will go unpatched, or even be unpatchable, in a lot of embedded computing applications for consumers.

{ 3 comments… read them below or add one }

Anon August 27, 2018 at 1:37 am

And so much wireless traffic to attack these days. wifi networks. Cell networks. Keycards and fobs

. August 30, 2018 at 2:56 am

Ever since Meltdown and Spectre were disclosed, Intel’s various customers have been asking how long it would take for hardware fixes to these problems to ship. The fixes will deploy with Cascade Lake, Intel’s next server platform due later this year, but the company is finally lifting the lid on some of those improvements and security enhancements at Hot Chips this week.

One major concern? Putting back the performance that previous solutions have lost as a result of Meltdown and Spectre. It’s hard to quantify exactly what this looks like, because the impact tends to be extremely workload-dependent. But Intel’s guidance has been in the 5-10 percent range, depending on workload and platform, and with the understanding that older CPUs were sometimes hit harder than newer ones. Intel wasn’t willing to speak to exactly what kind of uplift users should expect, but Lisa Spelman, VP of Intel’s Data Center Group, told AnandTech that the new hardware solutions would have an “impact” on the performance hit from mitigation, and that overall performance would improve at the platform level regardless. Variant 1 will still require software-level protections, while Variant 2 (that’s the “classic” Spectre attack) will require a mixture of hardware and software protection. Variant 3 (Meltdown) will be blocked in hardware, 3a (discovered by ARM) patched via firmware, with Variant 5 (Foreshadow) also patched in hardware.

https://tech.slashdot.org/story/18/08/21/2148257/intel-details-cascade-lake-hardware-mitigations-for-meltdown-spectre

. September 1, 2018 at 11:29 pm

Leave a Comment

Previous post:

Next post: