Mitigating the Effect of Meltdown and Spectre on Public Safety Communications
The security gaps Meltdown and Spectre found in processors are not only affecting chip manufacturers. Blue light organisations are also affected: In particular, those who rely on cloud solutions.
Nobody wants to paint too gloomy a picture – but the following question arises nevertheless: What if alarm systems fail during a disaster due to critical security gaps? Not only human lives are threatened, but soon the question of liability and responsibility also comes up.
Fortunately some networks are not affected. When researching on the effect of both security gaps, an attack without physical access is impossible in Swissphone’s alarm networks. According to Swissphone, the Swissphone base stations are equipped with AMD processors which exclude a meltdown attack due to the underlying architecture. Despite the fact that the Swissphone base stations (ITC2100/ITC2500) are potentially susceptible to another possible attack – Spectre – this is nevertheless excluded without physical access. A direct way for hackers to place an executable code on a base station without physical access does not exist in digital alarm networks. This is because slave base stations from Swissphone are designed as wave net topologies, i.e. completely independent of TCP/IP and therefore not endangered. In addition, the master base stations connected to a TCP/IP network exclusively operate in a closed and internal network. Furthermore, the user data encryption used by Swissphone is transparent for the base stations, so that no sensitive information can be stolen from the base station even if the machine is physically accessed.
It is known that Swissphone has long advocated dedicated alarm networks instead of public mobile phone networks: And that for good reasons, as it is now finally becoming apparent.