MIT Panel Discusses Proprietary Firmware As Security Risk For Bitcoin Users

The 2019 MIT Bitcoin Expo happened over the weekend, and the event featured a panel discussion around blockchain attack vectors and bitcoin security. This panel was moderated by Arwen CEO Sharon Goldberg, and the panelists were Bitcoin Core contributor Cory Fields, Digital Currency Initiative Undergraduate Researcher James Lovejoy, and Chaincode Labs Software Engineer Carl Dong.

Bugs at the Lower Levels

During a conversation around specific vulnerabilities that have popped up in the cryptocurrency space over the years, Dong pointed out that people need to be on the lookout for bugs in areas other than cryptocurrency-related software. Specifically, Dong noted that bugs in things like Unified Extensible Firmware Interface (UEFI), Intel Management Engine (ME), and Intelligent Platform Management Interfaces (IPMIs) could be exploited in an attempt to do something like steal someone else’s bitcoin stash.

This type of low-level software resides underneath the operating systems installed on computers.

“They basically have more than kernel access — more than root access to your entire machine. And so yeah, I think people should look at that,” explained Dong.

Dong added that efforts have been made to push back against proprietary firmware via alternatives like coreboot.

“I think the kernel protects processes from accessing each other’s memories, and if you have basically more than kernel access to memory, then you can basically be able to read anything that’s on there. And I think that’s bad,” explained Dong.

Bitcoin Needs a Secure Base

This whole discussion brought up a key issue with Bitcoin, which is that the network should not be built on top of an insecure base. Goldberg pointed out that the idea that everyone should control their own money on their own devices may not work well if the software on those devices is too complex for anyone to know whether it is secure.

“I’m about to ask an obnoxious question now because you’re setting off this dilemma that I always have in my own head,” said Goldberg. “A lot of us here come from this world in which [we say], ‘Not your keys, not your coins.’ And that’s certainly the world that I come from. And then we have Carl here telling us that like — I don’t even know — some part of the stack I’ve never heard of is going to have a vulnerability that’s going to allow this thing to go into memory and steal all my coins, and that sounds really bad.

“So, I don’t want this thing on my computer. What’s your view on this whole notion that we’re trying to move into this world in which we all hold our own keys — we don’t have to trust the centralized entity with keys — and then on the other hand we have these computer systems that are so complicated that a bug in the God-knows-what is going to basically steal all of your money that you’ve never even heard of? And maybe you’re like running all the anti-virus and you cleaned everything up and you’re running a VM that’s completely wiped with nothing and only has your coins on it. And still you have these vulnerabilities. Like, what do you do? What do we do?”

In response to Goldberg’s point, Dong stated that the tech world has moved a little too fast without keeping security in mind.

“The only way we’re going to get [better security] is if more vulnerabilities are exploited in the wild and people’s attentions are drawn towards this because I think a lot of companies — they perhaps ignore the advice of their security researchers because they’ve got to move fast and they’ve got to have revenue,” said Dong.

Dong added that cryptocurrencies create a world where once-theoretical vulnerabilities become extremely profitable to exploit, so perhaps that will bring more of these potential exploits into the open.

Looking further ahead, Lovejoy pointed out that open hardware may be the proper way forward.

“Maybe the future is open-source hardware,” said Lovejoy. “We’ve sort of got to a point where we have a lot of open software that we can all read the code of, but at the moment we’re still completely reliant on totally proprietary hardware.”

Of course, there are also things like hardware wallets and the ability to store crypto assets on pieces of paper that can help bridge the gap for now, but it is also desirable for general-purpose consumer devices to be much more secure as well.

ROOM 10-250 D1 AM

1:46:10 There’s a Huge Issue with Bitcoin’s ‘Not Your Keys, Not Your Coins’ Philosophy

-go until carl says power 9 talos

“I think that the tech world has been moving a little too fast and haven’t really been thinking about security that much. But I think — maybe it’s bad news — but with cryptocurrencies I think we’re entering a world where vulnerabilities that were theoretical are now extremely profitable to exploit. And so, hopefully they’ll bring things to the forefront.” - Carl

The Complexity of Bitcoin Bugs

“I sometimes feel like the only thing that protects us is like how complex these bugs are and how hard it is to understand them, so it’s like the people who can fix them have a little bit of a head start because you actually understand what’s going on and then the rest of the world like figures it out and by then you’ve patched it.”

“Talking about things that are present out there that are too complex for people to exploit or people just don’t want to — things that are ring zero bugs like Intel Management Engine or IPMIs that are out there that have buggy firmware. You know, these are things that exist in modern data centers and Intel MT I think Intel’s trying to basically push it to every Intel machine possible.

“The UEFI stack is sometimes very bloated. The UEFI stack sometimes includes a network stack in it as well, so if you — and of course your IPMI can also communicate over ethernet” - Carl

At one point in the panel, the question of how bitcoin can possibly be used securely came up in relation to all of the vulnerabilities that could potentially be out there in widely deployed software.

-crowd laughs at end with vulns

-Vertcoin guy pointed out 10 lines of JavaScript on a webpage are enough to attack via Electrum bug

-Sharon asks what is the right way to store coins

-Carl says paper wallet with a hexadice

-Vertcoin guy jokingly said you could buy an open FPGA and write your own hardware implementation

The benefits of Ethereum 2.0 will come sooner rather than later according to Vitalik Buterin

Quick take

  • Vitalik Buterin recently answered a number of questions from the community as part of an “ask me anything” session on Reddit.
  • The co-founder highlighted many different topics but specifically said that he expects some significant and noticeable network improvements to come for the project sooner rather than later.

Vitalik Buterin, the co-founder of Ethereum, one of the biggest crypto projects in the industry, recently answered a number of questions from the community as part of an “ask me anything” session on Reddit. The co-founder highlighted many different topics but specifically said that he expects some significant and noticeable network improvements to come for the project sooner rather than later. He further said:

“TLDR: merge happens faster, PoS happens faster, you get your juicy 100k TPS faster.”

Over the years, the network for Ethereum has experienced some significant rounds of high congestion. Three years ago in 2017, the popular CryptoKitties game slowed down the network massively but with the decentralised finance space growing rapidly, the network has been seriously clogged up.

This has led to high fees and longer-than-average confirmation times.

With Ethereum 2.0 very much just around the corner, there is a significant scaling upgrade solution that is supposedly going to speed up the network rapidly. This will increase the number of transactions per second and it will also move the blockchain to a different consensus algorithm known as proof of stake. Phase 0 for the upgrade is set to occur on the 1st of December in two weeks!

The co-founder further went on to say that “all of these changes are designed to decrease the time until eth2 becomes useful to people.” 

© 2020 CryptoDaily All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

The second richest man in Mexico invests 10% of his portfolio into BTC

Quick take

  • Ricardo Salinas Pliego is the second wealthiest businessman in Mexico and the 166th richest man in the world. 
  • It was announced last week that he has invested 10% of his liquid portfolio into the leading cryptocurrency, bitcoin.

Ricardo Salinas Pliego is the second wealthiest businessman in Mexico and the 166th richest man in the world. It was announced last week that he has invested 10% of his liquid portfolio into the leading cryptocurrency, bitcoin. This came after he shared a video of huge amounts of paper money being thrown into the garbage. Not only does it show how worthless the government-issued cash is in today’s world but it also shows how important digital assets such as bitcoin could become.

Furthermore, the video points to hyperinflation and how bad it got in Venezuela.

Ricardo is worth more than $11 billion at the time of writing and is the only billionaire from Mexico who seems to have benefited from the coronavirus pandemic and the economic crisis that has come as a result.

Coinbase co-founder, Fred Ehrsam set to join Fireblocks as a member of the board

Quick Take

  • Fred Ehrsam, the co-founder of the crypto platform known as Coinbase, is getting ready to join the digital asset security platform Fireblocks.
  • It was announced last week that Fred would be joining the board following a recent round of funding.

Fred Ehrsam, the co-founder of the crypto platform known as Coinbase, is getting ready to join the digital asset security platform Fireblocks. It was announced last week that Fred would be joining the board following a recent round of funding.

The co-founder of the well-known crypto platform is getting ready to join the company as a board member following a $30 million funding round to help expand its operations on an international level.

Throughout 2020, Fireblocks has launched a secure asset transfer network which would allow more institutions to efficiently transfer assets on chain. And on top of this, the platform also announced that it has seen more than $150 billion in transferred assets over the course of the past year. Fred has said:

“Fireblocks has become the go-to for any business looking to build new digital asset operations or scale existing ones… The extraordinary growth of the Fireblocks Network and its team in the last year attests to the enormous value they have unlocked for enterprise and institutional customers.”

 

XRP Price Analysis: XRP Continues Correcting

This analysis brought to you by RoboForex.

On Friday, November 27th, XRP has reached stability but is still correcting and trading at $0.5550.

As we can see in the daily chart, after finishing a quick rising wave, XRP/USD price is correcting to the downside. At the moment, the asset is trading close to 61.8% fibo, a breakout of which will indicate further pullback towards 50.0% fibo. The MACD histogram has broken 0 and is still moving to the upside – it may be another signal in favor of a new rising impulse. The upside target of the completion of the correction will be at 0.6800.

In the H4 chart, the cryptocurrency continues correcting to the downside. Right now, it is testing the support level, a breakout of which will result in further decline towards 50.0% fibo. The Stochastic indicator has formed a “Black cross” inside the “overbought area” and is still falling, which is an additional signal in favor of further decline towards 50.0% fibo. After completing the correction, the asset may test and break 61.8% fibo, and then continue trading upwards. The upside target is similar to the daily chart, 0.6800.

Ripple started its rally on November 20th, together with other cryptocurrencies. There are a lot of explanations of why it happened, from investors’ search for alternatives to fiat instruments to a surge in interest in cryptoassets from institutional players. Indeed, all of this really took place and, of course, expansion of the interest was in favor of cryptocurrencies. The entire market is on the rise but since “trees don’t grow sky-high”, active purchases faded to the correction.

Over this period of time, XRP has managed to update its high reached in May 2018. The asset is still trading about 80% below the highs of January 2018, when it was trading at $3.7, but investors are surely positive about further growth.

At the moment, XRP is back to third place in the list of the strongest and most popular cryptoassets.

By Dmitriy Gurkovskiy, Chief Analyst at RoboForex

 

Disclaimer

Any predictions contained herein are based on the author's particular opinion. This analysis shall not be treated as trading advice. RoboForex shall not be held liable for the results of the trades arising from relying upon trading recommendations and reviews contained herein.

 
