Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Bitcoin Security The Almighty Buck Hardware Technology

Backdoor Could Allow Company To Shut Down 70% of All Bitcoin Mining Operations (bleepingcomputer.com) 102

An anonymous reader writes: "An anonymous security researcher has published details on a vulnerability named "Antbleed," which the author claims is a remote backdoor affecting Bitcoin mining equipment sold by Bitmain, the largest vendor of crypto-currency mining hardware on the market," reports Bleeping Computer. The backdoor code works by reporting mining equipment details to Bitmain servers, who can reply by instructing the customer's equipment to shut down. Supposedly introduced as a crude DRM to control illegal equipment, the company forgot to tell anyone about it, and even ignored a user who reported it last fall. One of the Bitcoin Core developers claims that if such command would ever be sent, it could potentially brick the customer's device for good. Bitmain is today's most popular seller of Bitcoin mining hardware, and its products account for 70% of the entire Bitcoin mining market. If someone hijack's the domain where this backdoor reports, he could be in the position to shut down Bitcoin mining operations all over the world, which are nothing more than the computations that verify Bitcoin transactions, effectively shutting down the entire Bitcoin ecosystem. Fortunately, there's a way to mitigate the backdoor's actions using local hosts files.
This discussion has been archived. No new comments can be posted.

Backdoor Could Allow Company To Shut Down 70% of All Bitcoin Mining Operations

Comments Filter:
  • by Baron_Yam ( 643147 ) on Thursday April 27, 2017 @05:44PM (#54316143)

    A company based on Bitcoin isn't operating according to the highest standards?

    Wow. I'm definitely making a note in my diary about this unique and surprising turn of events.

    • by istartedi ( 132515 ) on Thursday April 27, 2017 @06:47PM (#54316481) Journal

      I'm going to go downtown, park at the sturdy Bitcoin building, walk in past the colonades and marble lobby, right up to the sturdy oak desk of my local and well-respected Bitcoin representative and seek reassurance that his institution is sound, and that my deposits are safe, fully insured, and returning the advertised rate of interest.

    • You mean to tell me that

      A company was looking to sell bitcoin mining equipment for a huge profit

      and instead of eschewing the tenets of bitcoins' distributed, robust design and egalitarian virtues

      they baked in a kill switch, an INSECURE kill switch that could easily dismantle everyones equipment?

      god, what will happen next?

  • by Anonymous Coward

    APK!

  • by Anonymous Coward on Thursday April 27, 2017 @05:47PM (#54316169)

    My imaginary money is at risk!!!

    • Re: (Score:2, Informative)

      by Baron_Yam ( 643147 )

      Stupid as it may be, as long as enough other fools believe in it, you can exchange your imaginary money for actual government-backed, widely accepted money or even goods.

      And there are still enough Bitcoin idiots out there that we keep getting these posts on Slashdot - a forum where everyone should ideally be technically savvy enough to recognize Bitcoin as technological bullshit.

      • Slashdot - a forum where everyone should ideally be technically savvy enough to recognize Bitcoin as technological bullshit.

        mmm...I consider blockchain technology to be fairly sophisticated, but I'm probably not as savvy as you.

        I'll grant you that the bitcoin ecosystem is a mess. It has devolved into exactly the dragon the system was designed to slay - i.e., high degree of centralization, dependence on trusted intermediaries, etc.

        Whether or not bitcoin can ever become competitive with the established electronic currency systems remains to be seen, but I'm betting it will never become anything more than nerd funny money.

        • >Whether or not bitcoin can ever become competitive with the established electronic currency systems remains to be seen

          This is what makes it obvious you are NOT as savvy as I, at least in this area; it HAS been seen.

          Bitcoin is fundamentally flawed, technologically and philosophically. It is self-defeating and incapable of being of any practical use on any decent scale. The only practical way to use Bitcoin is by utilizing other technologies that defeat any rational reasons for using Bitcoin in the firs

          • Bitcoin has proven itself to be a very successful pyramid scheme.

            • Not really. But keep telling yourself that, because we know you're kicking yourself for not mining coins when the could be mined by normal computers.

          • This is what makes it obvious you are NOT as savvy as I, at least in this area; it HAS been seen.

            Just because my opinion that the jury is still out re bitcoin doesn't match your opinion that bitcoin is a complete failure DOESN'T mean you are more technologically savvy on the matter. I make my living consulting in ERP/Financial Reporting Systems and have several large banking clients. I have undergraduate degrees in Economics and Accounting, and a graduate degree in Business - so I'm not exactly naive when it comes to the matter at hand.

            If you haven't figured that out, you haven't learned enough about it. Or rather, you've wasted just enough time to be interested in it, but not enough to realize that time was wasted.

            So...the time I've spent acquiring knowledge of bitcoin has been

            • >Just because my opinion that the jury is still out re bitcoin doesn't match your opinion that bitcoin is a complete failure DOESN'T mean you are more technologically savvy on the matter. I make my living consulting in ERP/Financial Reporting Systems and have several large banking clients. I have undergraduate degrees in Economics and Accounting, and a graduate degree in Business - so I'm not exactly naive when it comes to the matter at hand.

              Good for you. You don't know shit about Bitcoin, and insisting

              • Why don't you try... oh, I don't know, pulling your head out of your ass and reading the millions of critiques out there that very, very effectively tear Bitcoin down on pretty much every single point its proponents have ever put forward as a reason it should be worth something?

                Millions? Huh. Care to provide any links to the ones you think are especially informative?

                Your faith in Bitcoin (and yes, it's faith, because it is totally unsupported facts) is making you look more than just a little foolish. As are your irrelevant claims to be an authority of any kind on the subject, and your apparent compulsion to carry on defending it with follow-up posts days after everyone else has passed this topic by.

                1. You've made a mistake. I suggest you re-read my first response to you. I clearly state that I'm betting against bitcoin's long term prospects.
                2. Nowhere in this thread (or on this site) have I ever claimed to be an authority on bitcoin. All I did was inform you of my background in banking/finance in response to your childish claim of superiority (which you have yet to demonstrate).
                3. This topic of discuss

        • Bitcoin was always destined to become highly centralized and dependent on trusted intermediaries. The only way it wouldn't go there is if everyone who used bitcoin actually participated in the mining and understood what they were doing. As soon as non-miner, non-savvy people got in the game (day 2, I would assume) the devolution began.

          • Well, you don't have to read very far into Satoshi's paper [bitcoin.org] to see that bitcoin was designed specifically to eliminate the need for trusted intermediaries:

            What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.

            While not explicitly stated as a goal in Satoshi's paper, the system was designed to be decentralized in order to protect its integrity.

            The fact of the matter is that one cannot (for all practical purposes) transact in bitcoin without using a trusted third party, and that mining has become highly centralized. In this respect, one can only conclude that bi

      • Stupid as it may be, as long as enough other fools believe in it, you can exchange your imaginary money for actual government-backed, widely accepted money or even goods.

        Yeah, but can I do it without having to go meet some stranger in a dark alley behind a Quick-E-mart to exchange funds yet?

      • by Boronx ( 228853 )

        Bitcoin will be around as long as drug dealers find it useful.

      • Funny thing about life: perception is all there is.

        You may "know the truth" as you perceive it. Your "truth" may be independently verifiable, repeatable, reliable, consistent with other known "truths," etc. and yet, if your "truth" is only believed by a small minority of society, then it has small - and potentially even negative - social value.

        Truths like: "watering and fertilizing my garden will get me better yield" have self-fulfilling value. But, if you want to sell your produce to society, and society

        • But, if you want to sell your produce to society, and society has placed some negative value on fertilized or irrigated crops

          "Plants Crave Electrolytes!"

    • by Anonymous Coward
      All money is imaginary.
    • It's not more imaginary than any other money. Even actual gold has no value in it other than what people give it. For some reason we like to give shiny things more value than non-shiny things.
  • a very little bit
  • Host files? (Score:5, Funny)

    by 110010001000 ( 697113 ) on Thursday April 27, 2017 @05:55PM (#54316217) Homepage Journal
    If ONLY there was a host file expert here to tell us if this were true!
    • I'm not sure if you're trying to meme or something, but the hosts file overrides how specific domain names get mapped to IP addresses. So as long as an app is trying to connect to a domain name (as opposed to directly to an IP address) you can easily reroute it elsewhere or outright break it.
      • Re: Host files? (Score:5, Informative)

        by Anonymous Coward on Thursday April 27, 2017 @06:30PM (#54316395)

        There's a commenter, APK, who comes into anything related to computer security on slashdot and spams about his Hosts Engine. The host engine he distributes has mixed reviews, but appears to function acceptably for those who use it, and he clearly means well. Which doesn't stop the fact that he's in ALL the threads, or was, until he and whipslash had a confrontation or discussion or something.

        The fact that the summary explicitly asks for a hosts file based solution is, of course, the joke: it's being posted directly to the lion's den.

    • by Volanin ( 935080 )

      Ahahahaha, come on people!
      This is funny as hell for anybody who's been here for more than a month!
      I wish I had mod points.
      +1 Troll is too unfair.

    • Joke's on you, suckers. This story was brought to you by "an anonymous reader" (signed APK).
  • by epine ( 68316 ) on Thursday April 27, 2017 @06:03PM (#54316253)

    If you haven't got a billion dollars, you can't blather on about colonising Mars. How admirably crytocurrency fills its niche as a poor man's wild west. It's got everything. A Chinese Boss Hogg with a Fu Machu mustache can suddenly jump out of the woodwork at any moment. Hot damn!

    I was never much of an Oregon Trail dreamer myself, so this whole scene amuses me greatly.

  • He will threaten to brick their mining servers unless he sends them US dollars.

    • You joke, but blackmailing the Chinese to verify a transaction moving some long-untouched Bitcoin that's probably long-forgotten wouldn't be the worst scheme in the world.

      Honestly, I'm surprised the Chinese miners haven't done it for themselves. As long as they don't touch the stuff supposedly mined by Satoshi, and randomly distribute their fraudulent transactions across the ledger and over time, it's unlikely they'd get caught.

      • You don't need to blackmail them. Their entire business is verifying transactions. Just put the transaction on the network and they'll verify it automatically. Of course, in order to generate a valid transaction to move funds from one wallet to another you'll need the private key of the source wallet, which you aren't going to get by blackmailing the miners because they don't have it.

        You could blackmail them to put an invalid transaction in, but what would the point be? Nobody would accept the block.

  • by Anonymous Coward

    Fortunately, there's a way to mitigate the backdoor's actions using local hosts files.

    APK, sir, your time has come. -PCP

  • It's a Bitcoin article on Slashdot, but as of yet nobody has complained that this is some sort of guerilla BUY BTC marketing. Also the only reference so far to Chinese miners tripped over itself in a clumsy "wild west/colonizing mars" analogy.

    will check in a few hours later to see if the predictable /. comments surface. Hope i'm not forced to read at (-1) to find them though.
    • by cfalcon ( 779563 )

      > It's a Bitcoin article on Slashdot, but as of yet nobody has complained that this is some sort of guerilla BUY BTC marketing

      It doesn't look like a pump, so why would anyone call it that? It's a vulnerability with apparently a lot of mining rigs. I imagine most of them will be guarded by the end of the week, if they aren't already, now that this vulnerability is exposed. Almost everything about bitcoin is some kind of sketchy, I'd be surprised if miners trusted their hardware anyway.

      • by beckett ( 27524 )
        >It doesn't look like a pump, so why would anyone call it that? It's a vulnerability with apparently a lot of mining rigs.

        most people don't actually read the article, or the summary, and they talk about whatever they want. it's slashdot, dontcha know

        Slashdot just isn't a great place for discussing bitcoin in anything but the most general terms. Looking through the comments about 5 hours later and there are still people that have first principle discussions about fiat currency, dated comparisons wi
  • by reanjr ( 588767 ) on Thursday April 27, 2017 @06:39PM (#54316445) Homepage

    Highly misleading. If miners are shut down, Bitcoin transaction processing would operate a bit slower for a bit, then it would adjust to the new capacity.

    Yawn...

    • Yawn...

      I wouldn't yawn yet. One of the risks of Bitcoin is that if you control more than 50% of the mining you can fudge the blockchain. This could potentially affect 70% of mining operations. I'll bet you a Marsbar it won't affect all parties equally.

  • It's a DRM/Phone home feature. A backdoor would be running arbitrary code specified by the manufacturer OR changing the mining workload so the mining activity benefits a Bitcoin address different from the one configured by the owner of the unit.

    • by cfalcon ( 779563 )

      > so the mining activity benefits a Bitcoin address different from the one configured by the owner of the unit

      I'm sure someone would benefit from a sudden, unexpected, and precipitous drop in mining capacity and some manner of hit on transactions as well. It isn't like the price of bitcoin is exactly stable.

  • by Anonymous Coward

    Long time Slashdot reader (10 years) who has yet to create an account (it's on my bucket list), so posting as an AC for now.

    I've always considered Bitcoin to be something of a Ponzi scheme, though I've never been able to pin-point when it would collapse. Upon seeing Bitmain's latest ASIC miner, developed on a 14nm process, I think I've narrowed down the time-frame. 14nm is at the limit of commercial fabrication (Kaby Lake shares the same process node), though historically ASIC's I've seen were develope

    • by Anonymous Coward

      "I welcome debate on the topic."
      I seriously doubt you do.

      a) your technological analysis is completely flawed.
      b) you don't understand what a ponzi scheme is.
      c) well you are just kinda trolling so meh

    • Mining difficulty cannot run faster than miners capacity, because it adjusts to miners capacity, ensuring that on average it takes the same amount of time to validate a block. It just that more and more hardware is being thrown at it, but it can't collapse because it becomes unfeasible to mine a block. If the price were to drop, it might become financially unsustainable though.
    • I've always considered Bitcoin to be something of a Ponzi scheme

      As opposed to the Ponzi schemes called USD, EUR and the like? Please, before you criticize an alternative to old systems, try learning something about the old ones first. You might find there was something wrong with the old scheme, and hence new alternatives were proposed.

      I wonder what will happen when the computational power required to feasibly mine bitcoin exceeds the limitations of what cutting edge semiconductor processes can deliver.

      Next, try learning something about Bitcoin itself. Basically, what matters to your income and influence on the network is your _proportion_ of the total computing power of the network. There's no absolute requirement to worry about.

  • by mentil ( 1748130 )

    if such command would ever be sent, it could potentially brick the customer's device for good.

    Ssh, noone tell BrickerBot.

  • by Anonymous Coward

    shutting down mining equipment from a particular vendor will not stop bitcoin mining. even if it is as much as 99% of hardware miners. in fact, it will have no effect on the bitcoin network block generation or transaction speed. all it means is that the remaining miners will have easier job to do and will earn more reward coins.

  • by Anonymous Coward

    For those who are not familiar with what is currently going on in Bitcoin, there is a scaling debate, some call it a scaling war, which may result in a chain split. If a split happens, the chain with more hashing power will prevail. Say, you are mining on chain A and your competing chain is chain B. If you are able to disrupt chain B for several hours, maybe several days you may use your hashing advantage to mine empty blocks on the competing chain B. You want to keep these blocks secret. Once chain B regai

A computer lets you make more mistakes faster than any other invention, with the possible exceptions of handguns and Tequilla. -- Mitch Ratcliffe

Working...