New Member
Posts: 4
Registered: ‎12-23-2017
Kudos: 1

Meltdown and Spectre Exploits

As I understand the situation, the Meltdown exploit is thought to mostly affect Intel x86 processors. However, Spectre is noted to affect x86 Intel/AMD as well as ARM CPUs. Should we be expecting kernel patches for Ubiquiti products in the near future to correct any potential exploits, or is the architecture used in Ubiquiti products unaffected by both these exploits?

New Member
Posts: 4
Registered: ‎12-23-2017
Kudos: 1

Re: Meltdown and Spectre Exploits

Forgot to include links to overview and published whitepapers of the exploits.

General exploit overviews, description, whitepapers: https://spectreattack.com/

Statement regarding ARMs affected: https://developer.arm.com/support/security-update

New Member
Posts: 1
Registered: ‎01-04-2018
Kudos: 2

Re: Meltdown and Spectre Exploits

Along the same lines, is it known if these exploits will work against MIPS architecture? Specifically EdgeRouter X?

Emerging Member
Posts: 58
Registered: ‎07-07-2015
Kudos: 9

Re: Meltdown and Spectre Exploits

Yes, I'd like a response on this query too.

New Member
Posts: 1
Registered: ‎11-30-2017
Kudos: 1

Re: Meltdown and Spectre Exploits

+1 for a statement so we can either add Ubiquiti infrastructure to the list of infrastructure to patch or get back to patching the rest of our world(s).

Member
Posts: 247
Registered: ‎11-16-2013
Kudos: 20
Solutions: 1

Re: Meltdown and Spectre Exploits

I tried to look for details about MIPS64. Nothing yet. Just ARM. Which means all those dodgy routers with out-of-date software and Linux security holes are a massive target.

SuperUser
Posts: 14,511
Registered: ‎12-08-2008
Kudos: 11291
Solutions: 693
Contributions: 1

Re: Meltdown and Spectre Exploits

My security guys have been looking at this for several days now, but since the security embargo broke down this morning with Intel and AMD arguing publicly about whose processors are vulnerable and who's to blame, everyone is finding out now. When it shows up on bloomberg.com you know the entire world knows, and the panic in the media isn't far behind...

Win10 is supposed to be patched today with an emergency patch; Android likewise, and that will take care of the majority of ARM platforms. Linux distros are also coming out with this now or shortly. No PoC for MIPS has been shown yet, so it's not clear whether they are vulnerable or not.

Couple of things - the breakdown in the embargo caught everyone by surprise, so many vendors don't have patches yet. Expect that to change quickly.

This exploit can't be done remotely - it requires running code in your local hardware itself. So good firewalling and limiting the attack surface will help prevent it.

It's also a slow exploit - one variant can take 30 minutes of initialization before data starts to leak, and even then it's only in the 1.5-2K Bytes per second range. Not good, but it's a help.

Your and your customers' PCs and phones are the most vulnerable things in this. Fortunately Google has been working on this for almost a year, and first reported it to the hardware and security folks in June. So it's not something completely new.

But this is a big deal. Plus, the Intel patches at least cause a performance hit, maybe as much as 20-30% - the vulnerability is part of the CPU optimization doing predictive execution of code branches in the program, so eliminating it without hardware changes means disabling some CPU optimization. See https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html for the real skinny (warning - it's very wonkish - if you don't understand CPU design you may just want to skim it...)

The good news is it's being handled. The bad news is it's very real. I'm sure UBNT is working on this as we speak, but again since it's hardware related, and MIPS isn't the biggest target out there, and there's no PoC for their architecture, we may all be spared in the end.

Jim

" How can anyone trust Scientists? If new evidence comes along, they change their minds! " Politician's joke (sort of...)
"Humans are allergic to change..They love to say, ‘We’ve always done it this way.’ I try to fight that. "Admiral Grace Hopper, USN, Computer Scientist
"It's not Rocket Science! - Oh wait, Actually it is... "NASA bumper sticker
"Just because you can do something doesn't mean you should."my mantra in the Programming classes I used to teach once upon a time...
Member
Posts: 247
Registered: ‎11-16-2013
Kudos: 20
Solutions: 1

Re: Meltdown and Spectre Exploits

The exploit can be done with JavaScript-based attacks. Hence remote attack.

Many devices with ARM, like routers, would have out-of-date software thanks to planned obsoleteness. So hopefully this is a wake-up call to planned obsoleteness and out-of-date firmwares. Many have other security holes no doubt.

I don't think Samsung has even released the November security level for KRACK patches for instance. I'm not even sure how they are going to handle this update considering they also don't supply updates to older devices.

Member
Posts: 247
Registered: ‎11-16-2013
Kudos: 20
Solutions: 1

Re: Meltdown and Spectre Exploits

Older iDevices are affected. And they already suffer planned obsoleteness issues, not getting current iOS.

"

Apple has been mum on this whole issue, but even though it makes its own processors for iOS devices, some are still likely affected. Apple bases its A-series chips on ARM architecture, including some susceptible processors. According to ARM, the following chips and phones may be affected:

  • Cortex-A8: iPhone 4
  • Cortex-A9: iPhone 4s
  • Cortex-A15: iPhone 5, 5C

Again, Apple hasn’t issued any kind of statement about the vulnerability or its impact on iPhones, so it’s possible that Apple either patched the bug in a prior version of iOS or avoided it entirely when designing the chip."

https://www.pcworld.com/article/3245790/mobile/spectre-cpu-faq-phones-tablets-ios-android.html

New Member
Posts: 3
Registered: ‎02-10-2016
Kudos: 2

Re: Meltdown and Spectre Exploits

I would also like to know if this is going to require an update for the Edgemax?

My 2 cents, this isn't a panic situation; the ones that panicked were the cloud providers, as the exploit could be used to jump systems and get data from the host as well as other VMs. Those systems are now patched and were getting patched prior to the public release of the exploits! Our router is low on the list, but as I'm currently planning the rollout of prevention companywide it did come up on my radar!

Chins up folks, this could have been far worse!

New Member
Posts: 3
Registered: ‎12-17-2015
Kudos: 1

Re: Meltdown and Spectre Exploits

Apple:

https://support.apple.com/en-us/HT208394

Mitigations are present in macOS 10.13.2 and iOS 11.2. Safari coming soon (guess: this week). Meanwhile Firefox was updated Jan 4 to mitigate the browser part of the problem. (I don't speak Chrome...my advanced Googlephobia.)

  --John Baxter

Member
Posts: 349
Registered: ‎03-02-2017
Kudos: 86
Solutions: 3

Re: Meltdown and Spectre Exploits

Established Member
Posts: 1,278
Registered: ‎09-03-2013
Kudos: 634
Solutions: 21

Re: Meltdown and Spectre Exploits

Figured I'd toss this out there, as I went over it this morning: Spectre and Raspberry Pi(s). Even though the Pi isn't affected, the explanation seems to be a good one.

Post on Raspberrypi.org

SuperUser
Posts: 5,109
Registered: ‎12-03-2009
Kudos: 2000
Solutions: 114

Re: Meltdown and Spectre Exploits


@ZipVault wrote:

The beginning of a ubnt solution...

https://community.ubnt.com/t5/UniFi-Wireless-Beta/Feature-directive-Inform-lock-Spectre-fix/m-p/2196...


The post above is pure nonsense and has nothing to do with these exploits. 

SuperUser
Posts: 14,511
Registered: ‎12-08-2008
Kudos: 11291
Solutions: 693
Contributions: 1

Re: Meltdown and Spectre Exploits


@JimBouse wrote:

@ZipVault wrote:

The beginning of a ubnt solution...

https://community.ubnt.com/t5/UniFi-Wireless-Beta/Feature-directive-Inform-lock-Spectre-fix/m-p/2196...


The post above is pure nonsense and has nothing to do with these exploits. 


Yah I'm expecting to see a lot of misinformation about this in the next few days...

Jim

Senior Member
Posts: 3,328
Registered: ‎08-06-2015
Kudos: 1432
Solutions: 192

Re: Meltdown and Spectre Exploits

There was a thread started in the EdgeMax beta forums on this too.

In short, there are multiple variations of attack against speculative execution. Virtually every modern CPU does this and so virtually every modern CPU is potentially vulnerable. "Modern" is used very loosely here and actually extends to processors from the last century.

'Meltdown' is separated since it exploits a feature apparently unique to Intel CPUs using a permissions bypass. This is the topic being argued between vendors, but the solution had already been developed previously in the ongoing research around address-space layout randomization (ASLR) bypasses. This is the solution that has a performance impact and apparently only applies to Intel processors.

Moving on to Spectre, which has a set of variants all based entirely on speculative execution:

Since this is a processor-level vulnerability it would be relevant for CPU/SoC vendors (Cavium, MediaTek, Broadcom, ???) to make a statement regarding their parts. Whether or not UBNT is aware, they may not be able to disclose this detail without approval of the respective CPU vendor. To date I have not been able to find or obtain any clarification on MIPS-based platforms but the feeling is they may not be impacted. That itself is pure speculation and not based on anything authoritative.

Spectre also cannot be mitigated by the OS. Some mitigation may be obtained at the application level, as is being done with browsers already. There are some x86-based system-board manufacturers that are releasing BIOS updates with new processor microcode, which presumably attempts to alter speculative-execution behavior. Details in this area are scarce but it is not believed these will be thoroughly effective, however. Google has published some recommendations for compiler changes such that compiled binaries would make such "training" of branch prediction more difficult. This would require all shared libraries and runtime environments be rebuilt, and would still not protect against specific static-bound binaries targeted at such exploits.

Looking at the product suites involved here:

On platforms such as APs where everything already runs under a single user such an attack would have no value and would not provide any additional access.

On platforms such as routers and switches where almost everything already runs with full privilege there would again be little value with no additional access provided.

Both Meltdown and Spectre require local access and neither is a remote exploit. Yes, JavaScript is one vehicle for an attack, but technically that is still a local attack since it requires a local user to actually execute the JS. This may be unintentional, such as visiting a web page with an ad that delivers the malicious code, for instance, but that is still a local exploit. If anyone chooses to install and run a browser on their routers or other network gear, then Spectre would be the least of their concerns. JavaScript, Flash, or other client-side scripting would not be relevant for network gear.

The above doesn't mean some response at some point isn't needed but my $0.02 is that these types of attacks would be a lower risk for most gear in scope here and not worthy of any panic.

Keep in mind that the disclosure embargo was originally set to expire on Tuesday (9 Jan) but was leaked early. That left most vendors all around (Processor/SoC, system/hardware, OS, and application) scrambling as the panic and growing misinformation virtually exploded in a matter of hours.

Google's Project Zero has a good starting discussion:  

        Reading privileged memory with a side-channel

The two papers also referenced on that page are found at:

        Meltdown

        Spectre Attacks: Exploiting Speculative Execution

Veteran Member
Posts: 5,967
Registered: ‎07-03-2008
Kudos: 1889
Solutions: 140

Re: Meltdown and Spectre Exploits


https://www.wired.com/story/meltdown-and-spectre-vulnerability-fix/ has a nice overview that should be comprehensible by the majority of ordinary users.

Senior Member
Posts: 3,328
Registered: ‎08-06-2015
Kudos: 1432
Solutions: 192

Re: Meltdown and Spectre Exploits

 

I rarely do this but thought this was a way to start off this Monday on the lighter side:

meltdown_and_spectre

New Member
Posts: 1
Registered: ‎02-05-2016

Re: Meltdown and Spectre Exploits

Can we please have an official response on any timescales for the patches?

SuperUser
Posts: 6,141
Registered: ‎08-26-2009
Kudos: 1862
Solutions: 60

Re: Meltdown and Spectre Exploits

An official response could look a lot like @waterside's reply. And actually I wonder if the Atheros MIPS processors used in the airMAX, many UniFi and some other UBNT products do any speculative cache access / speculative execution at all...