Spectre and Meltdown CPU Vulnerabilities and Konica Minolta MFPs

January 9, 2018

Based on current knowledge, the threat likelihood is extremely low for Konica Minolta products.

1. Overview (quoted from Cert.org)

CPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre. Both Spectre and Meltdown take advantage of the ability to extract information from instructions that have executed on a CPU using the CPU cache as a side-channel. These attacks are described in detail by Google Project Zero, the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz) and Anders Fogh.

The issues are organized into three variants:

Variant 1 (CVE-2017-5753, Spectre): Bounds check bypass
Variant 2 (CVE-2017-5715, also Spectre): Branch target injection
Variant 3 (CVE-2017-5754, Meltdown): Rogue data cache load, memory access permission check performed after kernel memory read

2. Severity score of these vulnerabilities by CVSS v3, Common Vulnerability Scoring System

CVE-2017-5753
Base Score 5.6 Medium
Vector AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N (legend)
Impact Score 4.0
Exploitability Score 1.1

 

CVE-2017-5715
Base Score 5.6 Medium
Vector AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N (legend)
Impact Score 4.0
Exploitability Score 1.1

 

CVE-2017-5754
Base Score 5.6 Medium
Vector AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N (legend)
Impact Score 4.0
Exploitability Score 1.1

 

Note: For explanation of CVSS, refer to the first.org web site. Since the CVSS score may be updated occasionally, check the latest status on CVE’s website. In addition, the CVSS score may be different for each security agency.

 

3. Risk for MFPs

At this time the vulnerability only exists when a malicious program is executed on the target device, if executed, the program can access data stored in memory that should normally be protected by the system (Memory of kernel area of OS, memory of each process and memory of each virtual machine). It is important to know that the Memory data cannot be exposed remotely to an external network.

Several Konica Minolta MFPs contain ARM or Intel processors which are possibly affected by the Meltdown and Spectre vulnerability.

In order for an attacker to exploit this vulnerability in MFPs, it is necessary to execute a malicious program on the target machine by tampering with the internal firmware.

Konica Minolta MFPs have achieved ISO 15408 Common Criteria Security certification. ISO 15408 certified firmware is digitally signed by Konica Minolta. Prior to installing updated firmware on the MFP, the authorized service engineer can verify the Konica Minolta digital signature to ensure data integrity.

In addition, ISO 15408 certified MFPs contain a firmware verification feature. When rewriting the main unit’s firmware, a hash value check is run to see if the firmware data was tampered with. If the hash values don’t match, an alert is issued, and the firmware is not rewritten. In addition, when enhanced security mode is enabled, hash value checks are performed every time the main power source is turned ON. If the hash values don’t match, an alert is issued, and starting the main MFP unit is prohibited.

Because of these fail-safe mechanisms it is extremely difficult for an attacker to embed the exploitive code into the MFP and execute it.

For these reasons, KMI is not currently planning to release updated firmware for Spectre or Meltdown because of the very low risk of this vulnerability to attack our MFPs.

 

4. For PP controllers, Fiery and Creo

Because EFI Fiery and Creo controllers also contains Intel CPUs, they are affected by the Meltdown vulnerability. EFI announced the status on their public website and via a partner bulletin, shown below.

EFI Smart Support News (public) – Intel CPU Security Vulnerabilities: Spectre, Meltdown
Fiery Partner Bulletin (for authorized members only)  – Intel CPU Security Vulnerabilities: Spectre, Meltdown

Currently, Creo has no public comment about this, but they are going to provide software patch sometime in the near future.

5. MFP products which contain affected processors

Office color: (C458/C558/C658), (C659/C759)

Office B&W: (458e/558e/658e), (/808/958)

These office products contain ARM Cortex-A15 processor.

PP products; All PP products contains affected Intel processors.

 

6. CPU vendor’s information

ARM Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism

Intel Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method

 

7. References

CERT/CC Vulnerability Note VU#584653

  • CPU hardware vulnerable to side-channel attacks

NIST National Vulnerability Database

Meltdown and Spectre

KM Security Guide Brochure

FURTHER RECOMMENDATIONS
Konica Minolta Business Solutions U.S.A., Inc and the security experts in our All Covered IT division recommend clients schedule a comprehensive review of their security protection solutions. All Covered’s Secure & Protect Security Suite includes various layers of IT security software, monitoring and End User Awareness Training to ensure organizations have a sound security practice. We also offer an Optimized Network Assessment (ONA) that does a comprehensive scan of your IT infrastructure informing you of any vulnerabilities you may have. One of our security experts will walk you through the results allowing you to correct any vulnerabilities before they become a problem.

Konica Minolta also recommends to contact your authorized Konica Minolta service provider to discuss how to protect your MFP by enabling bizhub SECURE services.

If you would like to disucss your security plan or to schedule on on-site network vulnerability assessment, please contact us.

Contact Us

Konica Minolta

Konica Minolta aims to partner with clients to Give Shape to Ideas by supporting their digital transformation through its expansive Intelligent Connected Workplace portfolio. Its business technology offerings include IT Services, intelligent information management, video security solutions and managed print services, as well as office technology and industrial and commercial print solutions.