Meltdown and Spectre Hardware Vulnerabilities? CUBE responds!

Last week a pair of vulnerabilities were announced: Meltdown and Spectre.

The underlying vulnerability affects almost all modern processors from Intel, AMD, ARM and other manufacturers. This encompasses the chips found in many smart phones, computers, tablets, on hold boxes, music players, etc.

  • CUBE hardware is unaffected.
  • No patching needed for this vulnerability.
  • All security patching is handled by CUBE.
  • CUBE does not use the affected processors.
  • CUBE does not run Android, Windows, iOS or MAC OS.

Both Meltdown and Spectre were not a hack, but are due to a design oversight in the very foundation of how those hardware chips were built. As Trend Micro’s VP of Infrastructure Strategies Bill Malik states - “These vulnerabilities take advantage of a basic process used by most modern CPUs to help speed up requests. They take advantage of the timing of various instructions so they can see the information - whether that’s proprietary corporate data or sensitive personal information.” So if you run an Android, Windows, iOS, or Mac OS device to provide your service, you or your provider will be required to pull down a patch from the OS vendor to patch the affected hardware vulnerability. This patching will cause a decrease in performance, since the process that is used to speed up requests by the processor is being locked down by the patches.

CUBE does not employ an affected processor for our processing hardware.

As such, there will be no patch needed by our clients for CUBE hardware and services. Our users are unaffected by any vulnerabilities relating to Meltdown and Spectre today.

Moreover, since CUBE digitally signs all code than runs on CUBE hardware, only CUBE-authorized code can run on CUBE devices. There is thus no possibility for untrusted third-party code to run, which provides you with a further layer of security and comfort.

In the future, should a vulnerability ever come about for CUBE hardware, we handle all security and patching remotely, and our customers can rest easy knowing our team is watching out for them. This ensures that a situation similar to that of Meltdown and Spectre is avoided.