Meltdown and Spectre
January 30, 2018
The IT world is currently hit by shock waves due to the discovery of two critical security vulnerabilities affecting central processing units (CPUs). Since the vulnerabilities were revealed, much speculation has flourished about which CPUs are affected. The CPU used in Develco Products’ Squid.link Gateway is not affected.
The two vulnerabilities, named Meltdown and Spectre, were discovered last year by Google’s Project Zero team, academic institutions, and private companies. Both the vulnerabilities make it possible for attackers to read sensitive information, such as passwords and encryption keys, in the memory of most devices.
Leading chip producers at risk
The initial announcement made by Google’s Project Zero states that CPUs from top chip makers, including Intel, Advanced Micro Devices (AMD), and ARM Holdings, are affected. Despite this announcement, determining which chips are affected is complex.
Meltdown is specific to Intel chips. It allows malicious actors to circumvent the isolation barrier between user applications and operating systems. In this way, access can be opened up to otherwise confidential memory. With Spectre, on the other hand, attackers can pry sensitive information out of the memory of devices running AMD, ARM, as well as Intel.
Squid.link Gateway not affected
The Squid.link Gateway uses an ARM chip, which is not affected by Meltdown. Moreover, the ARM9 32-bit architecture, used in the gateway, is not affected by Spectre. This means that despite ARM chips being at risk of Spectre, Develco Products’ gateway is not affected by this vulnerability.