Tech 22 February 2019

Ed Drake

Security researcher finds Bitmain S15 miner exploit

A developer has discovered vulnerability in Bitmain’s Antminer S15, which has subsequently been turned into an exploit by an anonymous security researcher, according to reports.

The vulnerability was discovered by developer James Hilliard, with the anonymous 00whiterabbit creating the attack script. Hilliard is perhaps best known for his BIP #91, the proposal that activated SegWit and stopped SegWit2x.

The firmware exploit allows an attacker to take control of the mining hardware remotely, with the freedom to do virtually anything to affect the mining processes, including changing the payout wallet address in compromised machines, according to the report.

The vulnerability follows on from the discovery of the exploit known as Antbleed, which allows mining rigs to be shut down by external parties—something which at the time was described as posing an “existential threat” to SegWit, which remains highly dependent on Bitmain hardware.

Now, Hilliard and 00whiterabbit are offering to share more details about the exploit, as well as helping create a patch to fix it – but only if Bitmain meets their demands.

Specifically, the pair wants Bitmain to make its code available for free, in keeping with the terms of the GNU General Public License agreement.

The attack, which has already been dubbed ‘Antsploit,’ is regarded by analysts as potentially more serious than Antbleed, posing significant risks to SegWit infrastructure. With pool switching or address switching easily possible through the exploit, there’s very little that can be done to prevent a determined hacker from compromising the S15 hardware.

The presence of these vulnerabilities has been attributed to Bitmain’s decision to close source their software, as opposed to open source software, which would have enabled the wider developer community to identify holes in the code.

Hilliard said that by keeping the software closed, Bitmain has created the conditions for this type of exploit, as well as flouting the terms of the GPL license. He told Bitcoin Magazine, “Bitmain doesn’t seem to care about following copyright law. Unfortunately, closed source firmware is not a good thing to have on the Bitcoin network, as stuff like Antbleed can be hidden in it. It’s a centralization risk.”

With the offer to fix from Hilliard and 00whiterabbit on the table, it remains to be seen whether Bitmain will give ground to their demands.

Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.

Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.

COMMENT

latest news

Bitcoin SV and the roadmap to Genesis

Tech 17 April 2019

Bitcoin SV and the roadmap to Genesis

Coming soon will be a network upgrade called Quasar, which is currently scheduled for July 24 and centers on increased scaling capabilities.

Read More
Large block sizes continue to prove Bitcoin SV’s strength

Tech 17 April 2019

Large block sizes continue to prove Bitcoin SV’s strength

In proving that Satoshi was correct, the BSV blockchain has routinely proven that large blocks were possible.

Read More
Korea’s largest telecom launches a 5G-based blockchain platform

Tech 17 April 2019

Korea’s largest telecom launches a 5G-based blockchain platform

Korea’s KT telecom provider will be launching a new 5G network with underlying blockchain technology for security.

Read More