High-Risk Security Vulnerabilities Detected in the EOS Blockchain Platform
As first reported by Chinese news source Weibo, a team at China’s Internet security giant Qihoo 360 (SHA: 601360) has discovered a series of high-risk security vulnerabilities in the blockchain platform EOS.
1/ Chinese Internet security giant 360 has found "a series of epic vulnerabilities" in the #EOS platform. Some of the bugs allow arbitrary code to be executed remotely on EOS nodes and even taking full control of the nodes.
Source (in Chinese): https://t.co/pt6nj6EodP
— cnLedger [Not giving away ETH] (@cnLedger) May 29, 2018
It has been verified that some of these vulnerabilities allow arbitrary code to be executed remotely on an EOS node. This means that a remote attacker can directly control and take over all nodes running on EOS. The “series of epic vulnerabilities” was reported by 360 to the EOS team. An EOS spokesman has said that the “EOS network will not be officially launched until these issues are fixed.”
Series of Epic Vulnerabilities
According to the findings, the bug lets an attacker deploy a smart contract containing malicious code to an EOS super node. The super node executes the malicious contract, which triggers the security hole. The attacker then re-uses the super node to package the malicious contract into a new block, which in turn allows all full nodes in the network (alternate super node, exchange reload point, digital currency wallet server node, etc.) to be controlled remotely, making everyone linked to the blockchain susceptible to the attack.
With complete control, the attacker is free to steal the key of the EOS super node and control virtual currency transactions on the EOS network, and so acquire other financial and privacy data held on the systems of nodes participating in the EOS network, such as an exchange’s digital currency, the user keys stored in a wallet, key user profiles, privacy data, and more. The attacker could even turn a node in the EOS network into a member of a botnet, use it to launch a cyber attack, or make it a free “miner” that digs for other digital currencies.
Capable of Triggering Storm Attacks on the Network
A security vulnerability in a blockchain node can cause thousands of nodes to be attacked. In a blockchain network, even the lowest-risk vulnerability is capable of triggering storm attacks on the entire network, so the entire digital currency system remains exposed to such incidents. The above is a key example of how the decentralized computing characteristic of a blockchain system can sometimes become a bane instead of a boon.
The 360 team has, therefore, urged teams and companies in the blockchain and cryptocurrency industries to pay greater attention to the security of blockchain projects, as more vulnerabilities could also be found in other cryptocurrencies in the future.