Can you trust your hardware
Some interesting news: EPT article
Forum Discussion
pnichols wrote:liborko wrote:
Some interesting news:
EPT article
Thanks a lot for the link to that outstandingly clear and disheartening article!
Unfortunately, there are also some rather significant wrong facts in the article, or at least wrong conclusions.
There are many CPUs available for embedded use that have very well defined timing characteristics; that's the rule, rather than the exception, in that field (at least for low to medium end CPUs).
Spectre / Meltdown sorts of vulnerabilities are not a real concern for car brake systems or many similar things because they don't run arbitrary code in the first place, and don't have a means of introducing outside code. They often might not even have separate process memory spaces to protect from each other.
Undocumented instructions on a processor may or may not prove to be security vulnerabilities, but are probably there for reasons far from nefarious, such as production testing or simply as a side effect of how the processor is designed. Typically I would not expect them to be any more vulnerable to attack than documented instructions.
The "Internet of Things" is a giant recipe for potential trouble, though.
