Hello Richard,
> gareth evans writes:
>> Is it true that the RPi4 is susceptible to these
>> security attacks but that no previous versions are?
> https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
> describes which cores are susceptible to which attacks. The variants
> that the Pi4’s CPU is vulnerable to are as follows:
> * Variants 1 and 2 (CVE-2017-5753 and CVE-2017-5715) are Spectre. An
> attacker can bypass validity checks and access data that’s supposed
> to be secret.
> * Variant 3A (CVE-2018-3640) is essentially Meltdown but for registers
> instead of memory. An attacker can bypass CPU-level privilege checks
> and read data that is supposed to be secret.
> * Variant 4 (CVE-2018-3639) is a speculative store bypass. An attacker
> can access data that was supposed to have been overwritten.
> The other Pi CPU cores are not listed and therefore not vulnerable to
> any known speculation-based attacks.
> Since the original Spectre/Meltdown research, a _lot_ of variants have
> been identified. It’s likely that there are more to come. Arm’s
> record has been very good here, but it’s not impossible that future
> issues may impact Arm cores too.
Can you explain to us how we can find out which versions can attack which Pi
versions?
As I have many Pis, from 2 x 1B, 1B+, 2B, 3B, 3B+, 4B4GB, 4B8GB, ZeroW,
BeagleBoard xM, Acorn RiscPC, Archimedes A440, BBC/Master/Compact/Electron/
Atom.
Some are running 24/7, others only occasionally. No one uses WiFi or BT,
only RJ45 cable. Some run RISC OS, some Raspbian Linux.
No electronic banking, no credit card, no smartphone (only a 2G phone, a 3G inet
router occasionally on the move),
no Google account, no Facebook, no Twitter, not using Cloud storage.
I have switched off RFID paying with the bank PIN card, and they are
permanently stored in an RFID-free sleeve.
So I want to minimise all the risks as much as possible.
Thanks for informing us.
Henri.
---
* Origin: Connectivity is the Future; UniCornBBS.Demon.nl (2:280/1208)
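
One way to run this check on the boards that run Raspbian Linux, as an added example that is not part of the original messages: it reads the Arm CPU part number from /proc/cpuinfo, names the core, prints the variants the quoted reply lists for that core, and shows the mitigation status the Linux kernel reports in sysfs. The function names are hypothetical, the core-to-board comments are assumptions about stock boards, and any core outside the table is marked for a manual look at the Arm page linked above.

```shell
#!/bin/sh
# Added example (not from the original posts). Linux only: RISC OS has no such files.

# core_name PART: Arm core for a "CPU part" value from /proc/cpuinfo.
core_name() {
    case "$1" in
        0xb76) echo "ARM1176" ;;     # Pi 1B, 1B+, Zero W (assumed stock boards)
        0xc07) echo "Cortex-A7" ;;   # Pi 2B with BCM2836
        0xd03) echo "Cortex-A53" ;;  # Pi 3B, 3B+
        0xd08) echo "Cortex-A72" ;;  # Pi 4B
        *)     echo "unknown" ;;
    esac
}

# listed_variants CORE: variants the quoted reply lists; only the Pi 4 core is listed.
listed_variants() {
    case "$1" in
        Cortex-A72) echo "1 2 3a 4" ;;
        unknown)    echo "check-arm-page" ;;  # not a Pi core covered by the reply
        *)          echo "none" ;;
    esac
}

# cpu_part [FILE]: first "CPU part" value in a cpuinfo-format file.
cpu_part() {
    awk -F': *' '/^CPU part/ { print $2; exit }' "${1:-/proc/cpuinfo}"
}

# kernel_status [DIR]: "name: status" for every entry the kernel exposes.
kernel_status() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    [ -d "$dir" ] || { echo "kernel does not report vulnerability status"; return 0; }
    for f in "$dir"/*; do
        [ -f "$f" ] && printf '%s: %s\n' "$(basename "$f")" "$(cat "$f")"
    done
    return 0
}

# report [CPUINFO] [SYSFS_DIR]: both views together; defaults to the live system.
report() {
    part=$(cpu_part "$1")
    core=$(core_name "$part")
    echo "CPU part ${part:-?} -> $core; variants listed: $(listed_variants "$core")"
    kernel_status "$2"
}

# Pass --live to query the machine the script is running on.
if [ "${1:-}" = "--live" ]; then report; fi
```

A status line beginning with "Vulnerable" in the kernel's output means no mitigation is active for that issue on the running kernel.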