
What do Spectre and Meltdown mean for industry?

The news broke on the 3rd of January that Google Alphabet Project Zero researchers had found two severe flaws in Intel and ARM processors. These flaws were reported to the processor manufacturers in June/July 2017. The vulnerabilities were named Spectre and Meltdown.

Meltdown

This vulnerability affects Intel and ARM processors. Meltdown allows an attacker to bypass the hardware barriers between memory and applications running on the computer, which can give the attacker access to data, passwords and crypto keys. This vulnerability can be patched, and patches have started to appear for the Linux, Windows and macOS operating systems. In the short term, this remains a problem while manufacturers, the process industry and machine builders gather data on which processors they are using in the field and then deploy a patch to each unit.

To protect an affected item in the short term, firewall incoming traffic to it and allow only trusted IP addresses to reach the unit. As soon as the patch is available for your system, deploy it to all affected systems.

Spectre

This vulnerability is harder to exploit, but it is still a threat to a control system. Spectre breaks the isolation between applications, including programs that would otherwise be deemed error-free. It induces a program to leak its secrets and data, using other processes within memory to access the application. Spectre will also be harder to patch; one of the authors of the paper said:

"We are currently not aware of effective countermeasures that will eliminate the root cause of Spectre, short of hardware redesign"

This means that an industrial system could have a vulnerability for its operational lifetime, as the underlying vulnerability is caused by CPU architecture design.
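The inventory step described above (finding which fielded units are affected and which already carry a patch) can be scripted on Linux-based units. The following is an added example, not part of the original article: Linux kernels from 4.15 onward, and stable kernels carrying the backport, report their Meltdown and Spectre status under /sys/devices/system/cpu/vulnerabilities. The function names and the exit-code convention are assumptions of this example.

```python
"""Inventory Meltdown/Spectre status on a Linux unit from the kernel's sysfs report."""
import sys
from pathlib import Path

# Directory exposed by Linux 4.15+ and by stable kernels with the backport.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status: str) -> str:
    """Map the kernel's free-text status line to a patching decision."""
    text = status.strip().lower()
    if text.startswith("not affected"):
        return "not_affected"
    if text.startswith("mitigation"):
        return "mitigated"
    if text.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"


def audit(base: Path = SYSFS_DIR) -> dict:
    """Return {issue: (decision, raw_status)} for each issue in ISSUES."""
    report = {}
    for issue in ISSUES:
        try:
            raw = (base / issue).read_text().strip()
        except OSError:
            # No status file: the kernel does not report on this issue, so
            # its patch level is unverified and the unit needs a manual check.
            raw = ""
        report[issue] = (classify(raw), raw or "no kernel report")
    return report


def needs_action(report: dict) -> list:
    """Issues to patch, or to isolate behind a firewall until patched."""
    return [issue for issue, (decision, _) in report.items()
            if decision in ("vulnerable", "unknown")]


if __name__ == "__main__":
    result = audit()
    for issue, (decision, raw) in result.items():
        print(f"{issue:12} {decision:13} {raw}")
    # Non-zero exit lets a fleet-management job collect the affected units.
    sys.exit(1 if needs_action(result) else 0)
```

Units that exit non-zero are the ones to keep behind an allow-list firewall until a patched kernel has been deployed and the check passes.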

Items that could be affected by these chips

  • IPCs (Intel)
  • HMIs (Intel/ARM)
  • Switches (ARM)
  • iPads (ARM)
  • iPhones (ARM)
  • Android devices (ARM)
  • Remote access units (ARM)

Phoenix Contact’s mGuard will stop an attacker accessing a device. Using the NXP processor, it is not affected by the processor bugs. It includes a full state firewall, allowing you to take control of your network or protect systems that are vulnerable or unpatchable.

Get in touch with Phoenix Contact for more information.

Phoenix Contact is a world leader for electronic components, systems and solutions in the field of electrical engineering, electronics and automation. The family-owned company currently employs 15000 people worldwide and achieved a total revenue of 1.97 billion euro in 2016. The headquarters are in Blomberg, Germany. The Phoenix Contact Group consists of nine companies and 50 sales companies. The worldwide presence is also supported by 30 agencies in Europe and overseas. Phoenix Contact operates manufacturing facilities in nine countries around the world with a high level of vertical integration. Not only screws, plastic and metal parts, but also highly automated machines are manufactured. The product range includes components and system solutions for energy supply, including wind and solar, device, machine tools and control cabinets.