A mining chip vulnerability that could potentially be used to remotely shut off bitcoin mining machines was revealed yesterday, with a fix from the manufacturer following shortly after.
The issue involves controversial mining chip manufacturer Bitmain and is what some are calling a "backdoor" in the code that controls its hardware, offering the company a way to remotely shut off the miners. Since the code, released anonymously last evening, is vulnerable to attackers, the main concern is whether, in a worst-case scenario, it could be misused.
The fear is that bad actors could exploit the vulnerability to switch off bitcoin mining equipment in bulk, and with Bitmain supplying such a large number of machines to the market, the impact could have catastrophic implications for the bitcoin ecosystem.
Known as Antbleed (a title bestowed by the website that dramatized its release), the vulnerability is open-source, making it easy to verify. Leading up to the reveal, a group was told about the code feature, with some developers, such as Satoshi Labs CEO Marek Palatinus independently verifying that the backdoor exists and that it can be used to stop Bitmain miners on trigger.
Bitmain quickly responded with a fix that erases this part of its mining firmware. Further, its team claimed that the feature was never finished, and that it was intended to help customers recover stolen miners, a past problem for industry firms.
The statement reads:
"We never intended to use this feature on any Antminer without authorization from its owner. This is similar to the remote erase or shutdown feature provided by most famous smartphone manufacturers."
Much of the recent buzz in the community is around whether the so-described "backdoor" could have been used for malicious purposes, for example, to shut off a miner if it wasn't complying with rules set by Bitmain.
Adding to the confusion is that bitcoin developments have been highly politicized lately, with Bitmain often sitting at the center of bitcoin's long-standing scaling debate, opposing proposals authored by members of the Bitcoin Core community. For example, the vulnerability reveal follows allegations that the manufacturer was using a secret mining advantage to boost its profits.
In conversation with CoinDesk, Bitcoin Unlimited chief scientist Peter Rizun might have summed up the issue and surrounding atmosphere the best:
"The drama in social media today surrounds the question of whether there exists a security hole that would allow this remote-control feature to be exploited for nefarious purposes."
Still, it seems that there are other reasons to be concerned about the backdoor.
Since it can be exploited by bad actors from outside the company, the mining chips are now viewed as a security risk to the network. Every one to 11 minutes, according to the open-source patch introduced on July 12th, 2016, the machines send calls back to a Bitmain server.
The idea is that the mining manufacturer can scan for identifying information about the mining chip, including its serial number and IP address.
But arguably the biggest concern is that the code isn't limited to use by certain people or companies, so it can be exploited by any man-in-the-middle attacker or by a DNS or domain hijack.
"Even without Bitmain being malicious, the API is unauthenticated and would allow any MITM, DNS or domain hijack to shut down Antminers globally," the Antbleed website reads, further outlining concerns about the potential for technical or political misuse.
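The call-home behaviour described above (a beacon to a vendor server every one to 11 minutes) is something an operator can look for in outbound-connection logs to find unpatched units. The following is an added example, not code from the Antbleed release or from Bitmain; the check-in hostname and the log lines are constructed placeholders.

```python
"""Flag hosts that beacon to an assumed vendor check-in endpoint on the
1-to-11-minute cadence described in the article (constructed example)."""
from collections import defaultdict
from datetime import datetime

# Assumed placeholder for the vendor's check-in hostname; the real value is not given here.
CHECKIN_HOST = "checkin.vendor.example"
MIN_INTERVAL, MAX_INTERVAL = 60, 11 * 60   # seconds: "every one to 11 minutes"

# Constructed outbound-connection log lines: timestamp, source IP, destination host, port.
SAMPLE_LOG = """\
2017-04-26T10:00:00Z src=10.0.0.5 dst=checkin.vendor.example port=80
2017-04-26T10:04:12Z src=10.0.0.5 dst=checkin.vendor.example port=80
2017-04-26T10:12:40Z src=10.0.0.5 dst=checkin.vendor.example port=80
2017-04-26T10:22:05Z src=10.0.0.5 dst=checkin.vendor.example port=80
2017-04-26T10:01:00Z src=10.0.0.9 dst=pool.example port=3333
2017-04-26T10:30:00Z src=10.0.0.9 dst=pool.example port=3333
2017-04-26T10:02:00Z src=10.0.0.7 dst=checkin.vendor.example port=80
"""

def parse_line(line):
    """Split one log line into (timestamp, src, dst)."""
    ts, fields = line.split(" ", 1)
    kv = dict(f.split("=", 1) for f in fields.split())
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kv["src"], kv["dst"]

def find_beaconing_hosts(log_text, host=CHECKIN_HOST, min_hits=3):
    """Return source IPs that contacted `host` at least `min_hits` times with every
    gap between consecutive contacts inside the 1..11 minute window."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = parse_line(line)
        if dst == host:
            seen[src].append(ts)
    flagged = []
    for src, times in seen.items():
        times.sort()
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if all(MIN_INTERVAL <= g <= MAX_INTERVAL for g in gaps):
            flagged.append(src)
    return sorted(flagged)

if __name__ == "__main__":
    print(find_beaconing_hosts(SAMPLE_LOG))  # constructed sample flags only 10.0.0.5
```

Hosts flagged this way are candidates for the firmware fix or the one-line patch the article mentions; a single contact (10.0.0.7 above) is not enough on its own to establish the cadence.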
Whether or not it was intended to be malicious seems to make up the bulk of the surrounding debate, and so far, it seems that sentiment has broken along the lines of the scaling debate.
Still, some broke away from so-called party lines.
"This was reckless of them to leave the unfinished feature in the code since this represents a major security issue," said Henry Brade, CEO of bitcoin service provider Prasos, a past defender of Bitcoin Core's scaling proposals.
"However, based on the statement it is not accurate to call 'Antbleed' malicious in nature. It's simply a serious security issue."
F2pool operator Wang Chun further noted that he isn't particularly worried about miners within his pool falling victim to manipulation by Bitmain. He noted in conversation with CoinDesk that it doesn't seem like the company ever used it to shut down miners.
"They have been able to do that for a long time, but they didn't," he said.
Guy Corem, former CEO of Israeli mining chip maker Spondoolies-Tech, chalked up the controversy to "incompetence" and "negligence", rather than malicious intent.
"It makes sense they wanted to develop such a feature and it also makes sense they didn't complete it and abandoned it," he added. Further, he cited Spondoolies-Tech's own past issues with stolen mining equipment.
Still, some in the community are skeptical of Bitmain's response.
"Denial of many people is unbelievable. 'Antbleed' is not a bug or mistake. The purpose of the code is clear; shut down miner on remote flag," Palatinus tweeted.
Others have raised concerns about this vulnerability being made public, since outsiders can then take advantage of the attack vector.
Bitcoin Core contributor Matt Corallo argued that owners of these bitcoin miners needed to know about the potential vulnerability in order to fix it.
"The issue is it's already integrated in a ton of deployed hardware," he said, adding:
"It was reported to Bitmain via that bug report months ago, and their customers need to know to protect their operations from potential [man-in-the-middle attacks]."
The issue was first reported to Bitmain on Github in September 2016.
One question is how prevalent the practice is in bitcoin. Secret backdoors seem to be par for the course in the technology world, often drawing security-minded critics as they're uncovered. Do other hardware manufacturers have the same vulnerability? Two mining manufacturers, at least, claim that they don't.
"Our hardware doesn't [have] such issues, we [don't] offer remote update for firmware; it's the customer's decision to update them or not," said blockchain startup Bitfury Group CIO Alex Petrov.
"My miner has no ASICBoost or backdoor," Jack Liao, CEO of LightningAsic, a mining company, told CoinDesk.
Along with the details about the backdoor, those who detected it released a patch that closes it up with a single line of code.
Still, there are lingering worries that the vulnerability betrays a weakness in the bitcoin network, namely its lack of mining chip makers.
No clear data is available about how many miners are running this software, but Bitmain is one of the largest chip manufacturers in the space, with bolder estimates suggesting it produces 70% of all mining chips.
That the backdoor could be used to impact any of those chips is unsurprisingly alarming to advocates of a "decentralized" network that is open to competition and enables different actors to engage on it.
For now, the impact seems to be that Bitmain will take action to look at the rest of its codebase in order to spot other vulnerabilities.
"The controversy around this code has brought our attention to improve the design in order to address vulnerabilities that were pointed out by the community recently," its statement reads.
Still, others are lamenting the state of the drama and conversation around the issue, noting how quickly it became politicized.
Rizun concluded:
"All-in-all just another day in bitcoin."