Check out whatreallyhappened.com

LATEST SITE ACTIVITY 12160.info/m

Spectre and Meltdown make anything with chip in it vulnerable, but Raspberry Pi is safe

Raspberry Pi 1 — Intel 0

Spectre and Meltdown make anything with chip in it vulnerable, but Raspberry Pi is safe

January 8, 2018 Jane Elizabeth

Meltdown and Spectre affect nearly everything that’s got a chip in them. But somehow single-board computers like the Raspberry Pi have managed to avoid this vulnerability. How?


Nothing like starting the new year with a security flaw that affects more or less every computer system in th.... Last week we all discovered that pretty much anything with a chip is affected by Spectre and Meltdown, a pair of silicon security flaws that are likely to haunt our steps for a good long time. Basically, anyone with an Intel processor is vulnerable. If you’re running an AMD or ARM processor, you’re likely vulnerable as well.

The only people looking to be safe from this security flaw? Raspberry Pi users, of all things. Those lucky ducks.

What is Spectre? And Meltdown? And why the heck am I vulnerable?

The Register broke the news last week with some very smart reporting about the Intel vulnerability. TechCrunch also has a nice explainer, which you can read here. In essence, both Spectre and Meltdown are security flaws on the chip-level that allow sensitive inside computer systems to be exposed.

Basically, it’s a problem with the chip’s architecture. These bugs are present in all modern Intel processors produced in the past decade.

Meltdown is specific to Intel processors. “It works by breaking through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Segregating and protecting memory spaces prevents applications from accidentally interfering with one another’s data, or malicious software from being able to see and modify it at will. Meltdown makes this fundamental process fundamentally unreliable.”

Spectre affects Intel, AMD, and ARM processors. This means that basically anything with a chip in it is vulnerable, including mobile phones, embedded devices, and more. Spectre essentially tricks applications into accidentally disclosing information that would normally be inaccessible, safe inside their protected memory area. (If you want to read a really excellent layman’s explanation of Spectre, security expert Joe Fitz has a great twitter thread on how it all works.)

SEE MORE: Schools aren’t teaching enough security skills, DevOps pa...

So why isn’t Raspberry Pi vulnerable?

Well, as a matter of course, Raspberry Pi runs on an ARM Cortex-A53, making it safe from Meltdown. However, most devices with ARM and AMD cores also use caching and speculative execution, which means they’re vulnerable to Spectre. Raspberry Pi doesn’t, making it one of the few devices on the market that’s free and clear.

The Raspberry Pi blog has an excellent post up explaining exactly how their devices are safe from Meltdown and Spectre. It turns out that the basic lack of caching and speculation in Raspberry Pi is enough to keep things good. If you’re interested, they have an extensive walk-through of the internal logic which Raspberry Pi uses instead of these two techniques. As they conclude,

“Modern processors go to great lengths to preserve the abstraction that they are in-order scalar machines that access memory directly, while in fact using a host of techniques including caching, instruction reordering, and speculation to deliver much higher performance than a simple processor could hope to achieve. Meltdown and Spectre are examples of what happens when we reason about security in the context of that abstraction, and then encounter minor discrepancies between the abstraction and reality.

The lack of speculation in the ARM1176, Cortex-A7, and Cortex-A53 cores used in Raspberry Pi render us immune to attacks of the sort.”

SEE MORE: What’s coming in 2018: Digital privacy and security predi...

How do we fix this?

For those of us not using Raspbery Pi, the outlook is a little bleak. Meltdown can be fixed with some band-aids and a stronger wall around the kernel. This may cost us all anywhere from 5% to 30% in performance.

Spectre, on the other hand, is a bit trickier to deal with.  It is literally hard wired into the chip. So, we’re looking a long lead time as researchers, engineers, and developers have to come up with a brand new chip architecture or some clever kernel-level work-arounds. How long? Think years.

So, in the meantime, accept all those OS updates coming your way and maybe think about switching to a Raspberry Pi-based computer lifestyle. It’s the only way to be sure.

Author
Jane Elizabeth
Jane Elizabeth is an assistant editor for JAXenter.com

Views: 25

 

 

Latest Activity

cheeki kea replied to Central Scrutinizer's discussion Alternative News Sources
"Wow ! Spoilt for choice."
8 minutes ago
cheeki kea commented on guest_blog's page Donations for 12160.info - "Paypal" Option
"Can I use Western union to transfer donation ? Is there an account number to send to. I don't have any bank cards."
28 minutes ago
Chris of the family Masters commented on Boris Badenov's blog post Zappa - Central Scrutinizer
"Sadly killed by Pharma for profit, like countless other..."
35 minutes ago
cheeki kea replied to truth's discussion New Site Look... What ya think ?
"Sounds good."
48 minutes ago
Bert commented on Bert's photo
Thumbnail

Cliff with another Paedo friend Saville

"another day another transplant :)"
1 hour ago
Central Scrutinizer commented on Central Scrutinizer's group The Social Network AssKlown Circus
"Obama loses 2 million of his fake Twitter followers"
1 hour ago
Bert commented on Bert's blog post PUTIN DROPS BOMB AT HELSINKI PRESSER: Says US Intelligence Helped Move $400,000,000 to HILLARY Campaign!! (VIDEO)
"presumably Browder still ripped off 1.5 billion, Clinton got short changed "
1 hour ago
Bert commented on Bert's blog post PUTIN DROPS BOMB AT HELSINKI PRESSER: Says US Intelligence Helped Move $400,000,000 to HILLARY Campaign!! (VIDEO)
"Trump meant to say i don't see why they wouldn't lol double negative, play the game,  "
1 hour ago
Bert commented on Bert's blog post PUTIN DROPS BOMB AT HELSINKI PRESSER: Says US Intelligence Helped Move $400,000,000 to HILLARY Campaign!! (VIDEO)
"tongues slipping everywhere like an epileptic at an ice rink"
1 hour ago
Bert commented on Bert's blog post PUTIN DROPS BOMB AT HELSINKI PRESSER: Says US Intelligence Helped Move $400,000,000 to HILLARY Campaign!! (VIDEO)
"ok i see now he says it was a slip of the tongue, he's such a rogue"
1 hour ago
Bert commented on Bert's blog post PUTIN DROPS BOMB AT HELSINKI PRESSER: Says US Intelligence Helped Move $400,000,000 to HILLARY Campaign!! (VIDEO)
"rivero came out today and said looks like it is 400 mill, 400,000 is chicken feed, not sure what to believe on this one, it got a mention on stone, either way i'll still sleep tonight :) "
1 hour ago
Central Scrutinizer favorited Bert's video
1 hour ago
Central Scrutinizer favorited Bert's video
1 hour ago
Central Scrutinizer commented on Central Scrutinizer's group The Social Network AssKlown Circus
"Facebook and Twitter are being used to manipulate public opinion ..."
1 hour ago
Boris Badenov favorited James Power's photo
1 hour ago
Central Scrutinizer commented on Anti Everything's blog post Children As 'Tools'
"UK GOVERNMENT DEFENDS THE USE OF UNDER 16S AS COVERT OPERATIVES"
1 hour ago
Central Scrutinizer commented on Bert's blog post PUTIN DROPS BOMB AT HELSINKI PRESSER: Says US Intelligence Helped Move $400,000,000 to HILLARY Campaign!! (VIDEO)
"Update: Putin Now Says the Amount Was $400,000 Via: The Intercept: The Russian president, Vladimir Putin, dashed the hopes of conspiracy theorists across America on Tuesday by withdrawing the startling claim he made the day before in Helsinki,…"
1 hour ago
Central Scrutinizer added a discussion to the group The Social Network AssKlown Circus
Thumbnail

Social media, politics, and the bubble of distraction

Social media, politics, and the bubble of distractionAdriana StanTom GoodwinApr 16, 2018When the President changes our country so…See More
1 hour ago
James Power's photo was featured

NSA Hands ALL Raw Spying data to Israel of U.S. citizens.

Is this treason. see below for full story.…
1 hour ago
cheeki kea commented on Bert's photo
Thumbnail

Cliff with another Paedo friend Saville

"No need to get drunk Bert. There's thousands of these sick individuals everywhere. Think of your liver."
1 hour ago

Please remember this website is supported by your donations...

© 2018   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2015 - all rights reserved. unless otherwise noted