The Week In Review: Design

Processor vulnerabilities; Arrow buys eInfochips; debug over Type-C.


Security researchers identified a major exploit of the “speculative execution” technique used to optimize performance in modern processors. The flaws allow an attacker to read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications, according to Google’s Jann Horn. Multiple researchers discovered the issues independently, including Jann Horn and teams from Cyberus Technology and the Graz University of Technology.

Three known variants of the issue exist, in two categories. Meltdown “exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data and passwords,” according to a paper by the researchers. The researchers have verified the exploit on Intel processors dating from 2011.

Meanwhile, Spectre attacks also violate memory isolation boundaries and involve “inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel,” according to the paper, which also warns that “speculative execution implementations violate the security assumptions underpinning numerous software security mechanisms.” The researchers have found processors from Intel, AMD, and Arm vulnerable.

A list of official security advisories from affected companies is available. Patches are rolling out for vulnerable processors and operating systems, and Intel expects that by the end of next week, it will have issued updates for more than 90% of processor products introduced within the past five years. Thus far, there are no known instances of the exploits being used in the wild.

Arrow will acquire eInfochips, a design services and IP provider. Founded in 1994, eInfochips is expected to boost Arrow’s IoT platform with the addition of its Snapbricks IoT framework and 1,500 employees. The deal is expected to close this month. Terms were not disclosed.

The MIPI Alliance updated its Narrow Interface for Debug and Test specification. MIPI NIDnT v1.2 enables using USB Type-C v1.2 “alternate modes” to facilitate debug and test over USB Type-C pins. According to Enrico Carrieri, chair of the MIPI Debug Working Group, “Developers do not need to be experts on USB Type-C to use the specification. Those who are familiar with MIPI NIDnT will find that the debug and test concepts haven’t changed. The specification simply adds capability to use USB Type-C.”

Also released was the MIPI Discovery and Configuration Specification for Narrow Interface for Debug and Test v1.0 (MIPI DisCo for NIDnT v1.0), a standardized software tool for test device software to discover and configure the hardware debug and test capabilities enabled by MIPI NIDnT.


Fact Cheq says:

My Lenovo tablet has officially died because of this new debugging issue. And when I went to check my sys log in a reboot, the information that was being shared was astronomical and completely messed up. Then to top everything off, as I was taking photos of all the logs, I was witnessing the live deletion of all of the logs and the servers leaving. It was completely mind blowing & now, no matter what, the tablet will no longer power on. And all I did was read the logs. But they knew that. Privacy is beyond officially OVER WITH. Forget the type c connectivity. I’ll stick with my iPhone lightning port AND Apple products. This is beyond ratchet.

Leave a Reply

(Note: This name will be displayed publicly)