One or more of the security vulnerabilities disclosed this week affect nearly every modern smartphone, PC, and server processor. Intel processor are vulnerable to both Meltdown and Spectre attacks. AMD chips are vulnerable to Spectre attacks. And the ARM-based processors that are used in most modern smartphones can fall prey to a Spectre attack as well.
Hardware and software companies are busy pushing out software updates to help mitigate the risk. But it turns out you don’t need to be using a 20-year old PC to be safe from the new vulnerabilities. There is at least one relatively modern line of computers that’s already safe: the Raspberry Pi family of cheap, tiny, and low-power computers.
The Raspberry Pi Foundation has published a lengthy blog post explaining how the Meltdown and Spectre attacks work. The whole thing is worth a read if you want a deeper understanding of the attacks but don’t want to bother getting a computer science degree.
But here’s the short version of why Raspberry Pi’s computers are safe: they use processors based on older ARM designs that don’t make use of speculative execution.
On the one hand, that’s one of the reasons that even the newest Raspberry Pi computers aren’t nearly as fast as most other modern PCs. On the other hand, Raspberry Pi accidentally turned its use of ARM11, ARM Cortex-A7, and ARM Cortex-A53 CPU cores into a security feature.
While Raspberry Pi computers aren’t exactly the fastest PCs around, you can load them up with a range of different GNU/Linux-based software and use them as general purpose computers for tasks like web surfing, document editing, or media playback. You can even use them as servers.
They may have been designed for educators and students, but they’ve also proven popular with folks looking to create retro gaming consoles, media centers, and more.
I wouldn’t necessarily recommend rushing out and buying a Raspberry Pi to replace your Intel Core i7-powered laptop or desktop. But if you’re really paranoid about the Spectre and Meltdown vulnerabilities, it’s not a completely ridiculous idea. It’s just a mostly ridiculous one.
Meanwhile if you’ve got a phone, tablet, or Raspberry Pi-like single-board computer with any of the following ARM technologies, then you may be vulnerable to one ore more of the recently disclosed attack variants:
- ARM Cortex-R7
- ARM Cortex-R8
- ARM Cortex-A8
- ARM Cortex-A9
- ARM Cortex-A12
- ARM Cortex-A15
- ARM Cortex-A17
- ARM Cortex-A57
- ARM Cortex-A72
- ARM Cortex-A73
- ARM Cortex-A75
hat last one, by the way, isn’t even on the market yet. But when chips using that new design are available they’ll be the only ARM-based chips vulnerable to both Spectre and Meltdown. Most affected ARM designs are only vulnerable to Spectre-related exploits.
• ARM Cortex-A7 IS NOT VULNERABLE. 4 MONTHS HAVE PASSED AND THE ERROR IS STILL NOT CORRECTED. I GUESS YOU COULD POST ANY KIND OF SPAM HERE, BECAUSE NO EDITOR IS READING THESE COMMENTS.
Looks like they updated their list after this article was posted. ARM Cortex-A12 and Cortex-A17 wasn’t originally in it either.
Thanks for the friendly and helpful suggestion to take another look at ARM’s website and update this article. I’ve done b that.
Now, feel free to put down the caps lock.
atom cpu’s prior to 2013 are not affected .. no out of order processing on these chips..
Atom n series is vulnerable to spectre. We need actual exploit test run to verify which atom is vulnerable. But I think all cpus are vulnerable to spectre.
“Security through obsolescence.” It’s a real thing – that works well with no configuration required 😉
Keep this in mind: Out of the box a Raspberry Pi running the default Raspbian OS is by default highly insecure if directly connected to the Internet. This is because by-default there is NO firewall or other protection installed – at all!
This is probably OK if your Raspberry Pi is on your own network connected to the Internet behind a NAT/PAT router-firewall. If not, do a Web search for UFW Raspberry Pi, which is (arguably) the simplest solution to the problem.
Given all the dangers posed by directly connecting unprotected devices directly to the Internet these days, it is amazing that the Raspberry Pi Foundation still distributes their Raspbian OS without any sort of pre-installed protection. A minimally pre-configured and enabled installation of UFW would be quick and easy to do. Also including GUFW, the simple user-friendly GUI front-end for UFW, in the GUI equipped version of Raspbian would be icing on the cake. Unfortunately, calls for this to happen seem to be falling on deaf ears at the RPi Foundation.
There might be security holes in the Pi chips that we don’t know about because security researchers aren’t actively looking for it since the market is so niche, and hackers aren’t bothered either.
The A7 is not in the list provided by ARM, nor is the A53 which can be found in most mid-range mobile cpus (4xx, 6xx series of SnapDragon; 6xx of Kirin; 7xxxx series of Samsung)…
Unfortunately most (if not all) of the ARM Chromebooks use out-of-order designs, otherwise that could have been an interesting alternative…
Right now another interesting possibility are the Pinebook… they use A53 core (https://en.wikipedia.org/wiki/Pinebook)
Of course, one always has AMD, which problems seem (at the moment) to be only minor.
Interesting enough according to Intel’s FAQ, the Cherry Trails (Atom X5 / X7) are not affected by these problems… i.e. Surface 3, Asus Transformer Book T100 should be ok!
Interestingly the Cortex A55’s aren’t listed as well.
So I guess we should see a new-gen/more-modern RiPi with slightly faster processing and lower power requirements which won’t be affected as well. All hail for those using these for Home Security!
Maybe in 2019 new version for main RPi branch.
The odroid-c2 is based on A53 (Amlogic S905) which is available now.
I have an Android TV box with the S905X and it’s pretty good.
Yes, my Samsung Galaxy C7 has the SD625 which is an A53. Glad to know I don’t have to worry…about this issue.
Comments are closed.