Critical security issues Meltdown and Spectre

Jan. 5, 2018

      In the first days of January, news came out about two critical security issues called Meltdown and Spectre. They are rather serious security problems, because they affect the majority of the world’s computers. Team Turris in cooperation with other security teams is working intensively on finding a solution to the problems.

     Turris Omnia and Turris 1.x routers are potentially threatened by Spectre, which affects some processors with ARM and PowerPC architecture. As of now, there hasn't been any public news of how Spectre could specifically be used. However, a potential attacker has to have detailed knowledge of the target processor and install dangerous code on the device beforehand in order to cause harm. This means that a potential attacker has to get the opportunity of running his own code on the victim’s device. If you use updated and safe software, the risk isn’t big on Turris Omnia devices. In light of this, we would like to warn our users not to install other software than that distributed by us on their routers. Please be extra careful, if you run virtual servers on your router using LXC containers.

     Finding a reliable solution to the problems is unfortunately difficult as it requires cooperation between processor manufacturers and the Linux community. We however expect the solution to be available soon as this is a high priority issue. So far there hasn't been any report of Spectre attacks on Turris Omnia routers, but we still strongly advise our users to use recommended security settings and use only the recommended software.