The 2019 MIT Bitcoin Expo happened over the weekend, and the event featured a panel discussion around blockchain attack vectors and bitcoin security. This panel was moderated by Arwen CEO Sharon Goldberg, and the panelists were Bitcoin Core contributor Cory Fields, Digital Currency Initiative Undergraduate Researcher James Lovejoy, and Chaincode Labs Software Engineer Carl Dong.
Bugs at the Lower Levels
During a conversation around specific vulnerabilities that have popped up in the cryptocurrency space over the years, Dong pointed out that people need to be on the lookout for bugs in areas other than cryptocurrency-related software. Specifically, Dong noted that bugs in things like Unified Extensible Firmware Interface (UEFI), Intel Management Engine (ME), and Intelligent Platform Management Interfaces (IPMIs) could be exploited in an attempt to do something like steal someone else’s bitcoin stash.
This type of low-level software resides underneath the operating systems installed on computers.
“They basically have more than kernel access — more than root access to your entire machine. And so yeah, I think people should look at that,” explained Dong.
Dong added that efforts have been made to push back against proprietary firmware via alternatives like coreboot.
“I think the kernel protects processes from accessing each other’s memories, and if you have basically more than kernel access to memory, then you can basically be able to read anything that’s on there. And I think that’s bad,” explained Dong.
Bitcoin Needs a Secure Base
This whole discussion brought up a key issue with Bitcoin, which is that the network should not be built on top of an insecure base. Goldberg pointed out that the idea that everyone should control their own money on their own devices may not work well if the software on those devices is too complex to know if it’s secure.
“I’m about to ask an obnoxious question now because you’re setting off this dilemma that I always have in my own head,” said Goldberg. “A lot of us here come from this world in which [we say], ‘Not your keys, not your coins.’ And that’s certainly the world that I come from. And then we have Carl here telling us that like — I don’t even know — some part of the stack I’ve never heard of is going to have a vulnerability that’s going to allow this thing to go into memory and steal all my coins, and that sounds really bad.
“So, I don’t want this thing on my computer. What’s your view on this whole notion that we’re trying to move into this world in which we all hold our own keys — we don’t have to trust the centralized entity with keys — and then on the other hand we have these computer systems that are so complicated that a bug in the God-knows-what is going to basically steal all of your money that you’ve never even heard of? And maybe you’re like running all the anti-virus and you cleaned everything up and you’re running a VM that’s completely wiped with nothing and only has your coins on it. And still you have these vulnerabilities. Like, what do you do? What do we do?”
In response to Goldberg’s point, Dong stated that the tech world has moved a little too fast without keeping security in mind.
“The only way we’re going to get [better security] is if more vulnerabilities are exploited in the wild and people’s attentions are drawn towards this because I think a lot of companies — they perhaps ignore the advice of their security researchers because they’ve got to move fast and they’ve got to have revenue,” said Dong.
Dong added that cryptocurrencies create a world where once-theoretical vulnerabilities become extremely profitable to exploit, so perhaps that will bring more of these potential exploits into the open.
Looking further ahead, Lovejoy pointed out that open hardware may be the proper way forward.
“Maybe the future is open-source hardware,” said Lovejoy. “We’ve sort of got to a point where we have a lot of open software that we can all read the code of, but at the moment we’re still completely reliant on totally proprietary hardware.”
Of course, there are also things like hardware wallets and the ability to store crypto assets on pieces of paper that can help bridge the gap for now, but it is also desirable for general-purpose consumer devices to be much more secure as well.
1:46:10 There’s a Huge Issue with Bitcoin’s ‘Not Your Keys, Not Your Coins’ Philosophy
“I think that the tech world has been moving a little too fast and haven’t really been thinking about security that much. But I think — maybe it’s bad news — but with cryptocurrencies I think we’re entering a world where vulnerabilities that were theoretical are now extremely profitable to exploit. And so, hopefully they’ll bring things to the forefront.” - Carl
The Complexity of Bitcoin Bugs
“I sometimes feel like the only thing that protects us is like how complex these bugs are and how hard it is to understand them, so it’s like the people who can fix them have a little bit of a head start because you actually understand what’s going on and then the rest of the world like figures it out and by then you’ve patched it.”
“Talking about things that are present out there that are too complex for people to exploit or people just don’t want to — things that are ring zero bugs like Intel Management Engine or IPMIs that are out there that have buggy firmware. You know, these are things that exist in modern data centers and Intel MT I think Intel’s trying to basically push it to every Intel machine possible.
“The UEFI stack is sometimes very bloated. The UEFI stack sometimes includes a network stack in it as well, so if you — and of course your IPMI can also communicate over Ethernet.” - Carl
At one point in the panel, the question of how bitcoin can possibly be used securely came up in relation to all of the vulnerabilities that could potentially be out there in widely deployed software.
-crowd laughs at end with vulns
-Sharon asks what the right way to store coins is
-Carl says paper wallet with a hexadice
-Vertcoin guy jokingly said you could buy an open FPGA and write your own hardware implementation