Meltdown and Spectre Vulnerability Technical Bulletin
This past week news reports have announced a security flaw of a CPU feature called speculative execution that affected a majority of processors in the computing industry. Two potential attack threats called Meltdown and Spectre that exploit the security flaw are causing concerns. A couple of Flash customers have inquired about our products in regard to this story.
Flash Technology engineering has analyzed our products and has determined that two products, the FTM 190 and the Vanguard SC 370 are affected. Both these controllers use the SOC AM3352 from TI. The processor core is an ARM Cortex A8 which does feature speculative execution but is only vulnerable to Spectre, not Meltdown (Only the ARM Cortex A75 is affected by Meltdown).
For the most part, all processors are vulnerable to Spectre and it is more difficult to fix. A key element in this attack, however, is that for any abuse with Spectre, the malicious user must have a process running on our CPU. This isn’t possible without first gaining Ethernet access to our system, uploading a file and executing it. If that type of access occurs, then at that point any type of attack is possible. An extra layer of protection lies in the fact that our products only operate from within closed private networks, so additional network intrusion would be needed to attack the SNMP or Web interfaces.
To mitigate risk, Flash Technology will be applying any patches supplied by our chip provider (via the TI Arago Linux distribution) when they become available. As of this writing, no patches or timelines have been announced yet from TI. When the Linux kernel is patched, Flash Technology will take the additional security step of updating any other open source components to the latest version.
Please let us know if you have any further questions or concerns.