Tech 22 February 2019Ed Drake
Security researcher finds Bitmain S15 miner exploit
A developer has discovered vulnerability in Bitmain’s Antminer S15, which has subsequently been turned into an exploit by an anonymous security researcher, according to reports.
The vulnerability was discovered by developer James Hilliard, with the anonymous 00whiterabbit creating the attack script. Hilliard is perhaps best known for his BIP #91, the proposal that activated SegWit and stopped SegWit2x.
The firmware exploit allows an attacker to take control of the mining hardware remotely, with the freedom to do virtually anything to affect the mining processes, including changing the payout wallet address in compromised machines, according to the report.
@BITMAINtech tried and failed to lock down the S15 firmware, I identified the vulnerability and @00whiterabbit wrote/tested the attack code. Once @BITMAINtech complies with the GPL licenses for the firmware I will disclose the vulnerability to them so that they can fix it. pic.twitter.com/zwsAaPQjRL
— James Hilliard (@james_hilliard) February 12, 2019
The vulnerability follows on from the discovery of the exploit known as Antbleed, which allows mining rigs to be shut down by external parties—something which at the time was described as posing an “existential threat” to SegWit, which remains highly dependent on Bitmain hardware.
Now, Hilliard and 00whiterabbit are offering to share more details about the exploit, as well as helping create a patch to fix it – but only if Bitmain meets their demands.
Specifically, the pair wants Bitmain to make its code available for free, in keeping with the terms of the GNU General Public License agreement.
The attack, which has already been dubbed ‘Antsploit,’ is regarded by analysts as potentially more serious than Antbleed, posing significant risks to SegWit infrastructure. With pool switching or address switching easily possible through the exploit, there’s very little that can be done to prevent a determined hacker from compromising the S15 hardware.
The presence of these vulnerabilities has been attributed to Bitmain’s decision to close source their software, as opposed to open source software, which would have enabled the wider developer community to identify holes in the code.
Hilliard said that by keeping the software closed, Bitmain has created the conditions for this type of exploit, as well as flouting the terms of the GPL license. He told Bitcoin Magazine, “Bitmain doesn’t seem to care about following copyright law. Unfortunately, closed source firmware is not a good thing to have on the Bitcoin network, as stuff like Antbleed can be hidden in it. It’s a centralization risk.”
With the offer to fix from Hilliard and 00whiterabbit on the table, it remains to be seen whether Bitmain will give ground to their demands.
Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.
Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.
Tech 17 April 2019
Bitcoin SV and the roadmap to Genesis
Coming soon will be a network upgrade called Quasar, which is currently scheduled for July 24 and centers on increased scaling capabilities.
Tech 17 April 2019
Large block sizes continue to prove Bitcoin SV’s strength
In proving that Satoshi was correct, the BSV blockchain has routinely proven that large blocks were possible.
Tech 17 April 2019
Korea’s largest telecom launches a 5G-based blockchain platform
Korea’s KT telecom provider will be launching a new 5G network with underlying blockchain technology for security.