|       

Assessment of potential impact of Meltdown/Spectre

Risk assessment of ‘Meltdown‘ on Cynap
In order for an attacker to take advantage of the ‘Meltdown’ hardware vunerability of Intel CPUs, it is necessary to be able to read protected memory areas of other programs. To do this, the attacker must be able to execute code on the CPU. In contrast to conventional operating systems such as Windows, or various Linux distributions, this activity can be ruled out due to the special proprietary software architecture of the Cynap system.

Risk assessment of ‘Spectre‘ on Cynap
In a ‘Spectre‘ attack scenario, information is read from the address space of a compromised CPU processor. This possibility can also be categorically ruled out due to the special proprietary software architecture of the Cynap system – with one exception: the web browser. Spectre can be run through a JavaScript program, and could theoretically read the address space of the browser. However the data in this address space is only of limited sensitivity.

Whilst all cloud services in the Cynap software are logged in via the browser, this is always a single process and is always terminated after login. It is not possible to navigate from this login page onto another page, potentially containing ‘dangerous’ JavaScript code. However, if the Cynap web browser is used to log in to an account on a site such as Gmail, Amazon, etc., and then subsequently onto an infected page, passwords in the memory could theoretically be read out.

Newsletter


By subscribing to our newsletter, you agree with our PRIVACY POLICY and to share your e-mail address with WolfVision GmbH.
rauten-muster