A mining chip vulnerability that could potentially be used to remotely shut off bitcoin mining machines was revealed yesterday – with a fix from the manufacturer following shortly after.
Involving controversial mining chip manufacturer Bitmain, the issue is what some are calling a “backdoor” in the code that controls its hardware, offering the company a way to remotely shut off the miners. Since the code, released anonymously last evening, is vulnerable to attackers, the main concern is whether, in a worst-case scenario, it could be misused.
The fear is that bad actors could exploit the vulnerability to switch off bitcoin mining equipment in bulk, and with Bitmain supplying such a large number of machines to the market, the impact could have catastrophic implications for the bitcoin ecosystem.
Known as Antbleed (a title bestowed by the website that dramatized its release), the vulnerability is open-source, making it easy to verify. Leading up to the reveal, a group was told about the code feature, with some developers, such as Satoshi Labs CEO Marek Palatinus independently verifying that the backdoor exists and that it can be used to stop Bitmain miners on trigger.
Bitmain quickly responded with a fix that erases this part of its mining firmware. Further, its team said claimed that the feature was never finished, and that it was intended to help customers recover stolen miners, a past problem for industry firms.
The statement reads:
“We never intended to use this feature on any Antminer without authorization from its owner. This is similar to the remote erase or shutdown feature provided by most famous smartphone manufacturers.”
Much of the recent buzz in the community is around whether the so-described “backdoor” could have been used for malicious purposes, for example, to shut off a miner if it wasn’t complying with rules set by Bitmain.
Adding to the confusion is that bitcoin developments have been highly politicized lately, with Bitmain often sitting at the center of bitcoin’s long-standing scaling debate, opposing proposals authored by members of the Bitcoin Core community. For example, the vulnerability reveal follows allegations that the manufacturer was using a secret mining advantage to boost its profits.
In conversation with CoinDesk, Bitcoin Unlimited chief scientist Peter Rizun might have summed up the issue and surrounding atmosphere the best:
“The drama in social media today surrounds the question of whether there exists a security hole that would allow this remote-control feature to be exploited for nefarious purposes.”
Still, it seems that there are other reasons to be concerned about the backdoor.
Since it can be exploited by bad actors from outside the company, the mining chips are now viewed as a security risk to the network. Every one to 11 minutes, according to the open-source patch introduced on July 12th, 2016, the machines send calls back to a Bitmain server.
The idea is that the mining manufacturer can scan for identifying information about the mining chip, including its serial number and IP address.
But, arguably the biggest concern is that the code isn’t limited to use by certain people or companies, so it can be exploited by any man-in-the-middle or attacks coming from the same DNS server.
“Even without Bitmain being malicious, the API is unauthenticated and would allow any MITM, DNS or domain hijack to shut down Antminers globally,” the Antbleed website reads, further outlining concerns about the potential for technical or political misuse.
VULNERABILITY OR ‘MALICIOUS’ BACKDOOR?
Whether or not it was intended to be malicious seems to make up the bulk of the surrounding debate, and so far, it seems that sentiment has broken along the lines of the scaling debate.
Still, some broke away from so-called party lines.
:This was reckless of them to leave the unfinished feature in the code since this represents a major security issue,” said Henry Brade, CEO of bitcoin service provider Prasos, a past defender of Bitcoin Core’s scaling proposals.
“However, based on the statement it is not accurate to call ‘Antbleed’ malicious in nature. It’s simply a serious security issue.”
F2pool operator Wang Chun further noted that, he isn’t particularly worried about miners within his pool falling victim to manipulation by Bitmain. He noted in conversation with CoinDesk that it doesn’t seem like the company ever used it to shut down miners.
“They have been able to do that for a long time, but they didn’t,” he said.
Guy Corem, former CEO of Israeli mining chip maker Spondoolies-Tech, chalked up the controversy to “incompetence” and “negligence”, rather than malicious intent.
“It make sense they wanted to develop such feature and it also make sense they didn’t complete it and abandon it,” he added. Further, he cited Spondoolies-Tech’s own past issues with stolen mining equipment.
Still, some in the community are skeptical of Bitmain’s response.
“Denial of many people is unbelievable. ‘Antbleed’ is not bug or mistake. The purpose of the code is clear; shut down miner on remote flag,” Palatinus tweeted.
Others have raised concerns about this vulnerability being made public, since outsiders can then take advantage of the attack vector.
Bitcoin Core contributor Matt Corallo argued that owners of these bitcoin miners needed to know about the potential vulnerability in order to fix it.
“The issue is it’s already integrated in a ton of deployed hardware,” he said, adding:
“It was reported to Bitmain via that bug report months ago, and their customers need to know to protect their operations from potential [man-in-the-middle attacks].”
The issue was first reported to Bitmain on Github in September 2016.
One question is how prevalent the practice is in bitcoin. Secret backdoors seem to be par for the course in the technology world, often drawing security-minded critics as they’re uncovered. Do other hardware manufacturers have the same vulnerability? Two mining manufacturers, at least, claim that they don’t.
“Our hardware doesn’t [have] such issues, we doesn’t offer remote update for firmware – it’s the customer’s decision update them or not,” said blockchain startup Bitfury Group CIO Alex Petrov.
“My miner has no ASICBoost or backdoor,” Jack Liao, CEO of mining LightningAsic, told CoinDesk.
Along with the details about the backdoor, those who detected it released a patch that closes it up with a single line of code.
Still, there are lingering worries that the vulnerability betrays a weakness in the bitcoin network – namely, it’s lack of mining chip makers.
No clear data is available about how many miners are running this software, but Bitmain is one the largest chip manufacturers in the space, with bolder estimates suggesting it produces 70% of all mining chips.
That the backdoor could be used to impact any of those chips is unsurprisingly alarming to advocates that the network be “decentralized” and open to competition that enables different actors to engage on it.
For now, the impact seems to be that Bitmain will take action to look at the rest of its codebase in order to spot other vulnerabilities.
“The controversy around this code has brought our attention to improve the design in order to address vulnerabilities that were pointed out by the community recently,” its statement reads.
Still, others are lamenting the state of the drama and conversation around the issue, noting how quickly it became politicized.
“All-in-all just another day in bitcoin.”