Assessment of potential impact of Meltdown/Spectre

Risk assessment of ‘Meltdown‘ on Cynap
In order for an attacker to take advantage of the ‘Meltdown’ hardware vunerability of Intel CPUs, it is necessary to be able to read protected memory areas of other programs. To do this, the attacker must be able to execute code on the CPU. In contrast to conventional operating systems such as Windows, or various Linux distributions, this activity can be ruled out due to the special proprietary software architecture of the Cynap system.

Risk assessment of ‘Spectre‘ on Cynap
In a ‘Spectre‘ attack scenario, information is read from the address space of a compromised CPU processor. This possibility can also be categorically ruled out due to the special proprietary software architecture of the Cynap system – with one exception: the web browser. Spectre can be run through a JavaScript program, and could theoretically read the address space of the browser. However the data in this address space is only of limited sensitivity.

Whilst all cloud services in the Cynap software are logged in via the browser, this is always a single process and is always terminated after login. It is not possible to navigate from this login page onto another page, potentially containing ‘dangerous’ JavaScript code. However, if the Cynap web browser is used to log in to an account on a site such as Gmail, Amazon, etc., and then subsequently onto an infected page, passwords in the memory could theoretically be read out.



Please select all the ways you would like to hear from WolfVision GmbH:

You can unsubscribe at any time by clicking the link in the footer of our emails. By clicking to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy policy here, and our own privacy policy here.