3

I am curious if Microcontrolers are effected by the vulnerabilities of Meltdown and Spectre. These devices are not specifically CPUs, and do not run Operating Systems per-say. I'm not really sure I understand the whole speculative execution attack, but I would like to know if this can effect things like microcontrolers, which are used to drive many IOT devices.

j0h
  • 301
  • 2
  • 6
  • 1
    there are some semi-related timing attacks on MCUs, so more and more parts are using constant-time comparisons in more and more places. – dandavis Jan 08 '18 at 09:26

1 Answers1

7

In general, no, for several reasons.

First, Meltdown is an issue with how Intel chose to handle invalid memory accesses during speculative execution. A couple of ARM designs are vulnerable to a variant of Meltdown, but other than that, it's Intel-only.

Second, Meltdown and Spectre both require that the CPU use a technique called "speculative execution". This is a great performance boost, but it comes at the cost of a bigger, more expensive, and more power-hungry chip. Microcontrollers are small, cheap, low-power chips -- exactly the opposite of what would use speculative execution.

Third, Meltdown and Spectre are about getting around memory protection. The typical microcontroller only runs a single program, so applying memory protection is a waste of time and effort -- any memory a program could read using Meltdown or Spectre, the program could read just by looking at it.

Mark
  • 34,390
  • 9
  • 85
  • 134
  • Speculative execution is only a major performance boost in cases where there is a large difference between the time required to read information from the fastest and slowest parts of a computer's directly-addressable memory. On a desktop machine, the difference would often be on the order of 100:1. On a small micro, it would be at most 2:1. If 10% of accesses would incur a 100:1 speed penalty, reducing that could offer a major performance boost. If 10% or even 25% of accesses incur a 2:1 speed penalty, however, the performance boost achievable by alleviating that would be minor. – supercat Jan 09 '18 at 23:51