Bitmain Antminer Backdoor? The Truth Behind Antbleed Bitcoin Attack

A function implemented in Bitmain Antminer code allows a remote server to disable Bitcoin mining. This function currently connects to a domain owned by Bitmain. Is Bitmain evil?


What is it?

This bug is part of the Antminer firmware. As described on the Antbleed website:

The firmware checks in with a central service randomly every 1 to 11 minutes. Each check-in transmits the Antminer serial number, MAC address and IP address. Bitmain can use this check-in data to cross check against customer sales and delivery records making it personally identifiable. The remote service can then return "false" which will stop the miner from mining.

This has since been patched by Bitmain. At the very worst, this backdoor could allow Bitmain to shut off a large section of the global hashrate, as the Antminer line of miners makes up around 70% of the total Bitcoin miners in use. It is important to note that even without Bitmain being malicious, the API is unauthenticated, so a man-in-the-middle, DNS hijack or domain hijack could shut down Antminers.

This is by no account a good thing. However, it is important to mention that Bitmain's miner software is open source and a fix was issued quickly. It is also important to note that an experienced miner would be running their miners behind a firewall, which would prevent this outgoing connection.
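One way to spot this check-in pattern from the defender's side, as an added example that is not from the article or from Bitmain's code: it scans egress connection logs for hosts that open new connections to the same destination with every gap between 1 and 11 minutes. The log format, host names, addresses, port and function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample egress log: timestamp, source IP, destination host, port.
# All hosts, addresses and the port are placeholders, not values from the article.
SAMPLE_LOG = """\
2017-04-27T10:00:00 10.0.0.21 checkin.vendor.example 8080
2017-04-27T10:00:05 10.0.0.22 pool.example 3333
2017-04-27T10:00:00 10.0.0.23 ntp.example 123
2017-04-27T10:01:00 10.0.0.22 checkin.vendor.example 8080
2017-04-27T10:03:12 10.0.0.21 checkin.vendor.example 8080
2017-04-27T10:07:30 10.0.0.22 checkin.vendor.example 8080
2017-04-27T10:08:45 10.0.0.22 checkin.vendor.example 8080
2017-04-27T10:09:40 10.0.0.21 checkin.vendor.example 8080
2017-04-27T10:11:05 10.0.0.21 checkin.vendor.example 8080
2017-04-27T10:18:00 10.0.0.22 checkin.vendor.example 8080
2017-04-27T10:20:30 10.0.0.21 checkin.vendor.example 8080
2017-04-27T11:00:00 10.0.0.23 ntp.example 123
2017-04-27T12:00:00 10.0.0.23 ntp.example 123
2017-04-27T13:00:00 10.0.0.23 ntp.example 123
"""

MIN_GAP, MAX_GAP = 60, 660  # seconds: the 1 to 11 minute window from the article

def parse(log):
    """Group connection timestamps by (source, destination, port)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or empty lines
        ts, src, dst, port = parts
        flows[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    return flows

def find_checkins(log, min_events=4, allowed=frozenset()):
    """Return flows whose every inter-connection gap falls in the check-in window."""
    hits = []
    for (src, dst, port), times in parse(log).items():
        if dst in allowed or len(times) < min_events:
            continue  # known-good destination, or too few events to judge
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if all(MIN_GAP <= g <= MAX_GAP for g in gaps):
            hits.append((src, dst, port, len(times)))
    return sorted(hits)

if __name__ == "__main__":
    for src, dst, port, count in find_checkins(SAMPLE_LOG, allowed={"pool.example"}):
        print(f"{src} -> {dst}:{port} ({count} connections, gaps within 1-11 min)")
```

A match is a lead for review, not proof: other periodic traffic can fall in the same window, which is why known destinations go in `allowed`.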

Why is there a backdoor to my miner?

Despite many community members accusing Bitmain of ill intentions, looking back objectively, the reason looks to be a feature called Minerlink. Reddit user achow101 describes the possible explanation after looking at the code:

I have analyzed the code and I have determined how this is happening and most likely why it was put there.
[...]
Now for the why.
Bitmain previously was going to launch a service called Minerlink. This service never launched, but it was intended to get the "real-time miner status remotely". There is probably a feature that allows you to make sure that the only miners submitting work for you are your miners, hence the need for an auth url. It is also possible that another feature was to allow you to remotely stop a machine from mining if it were misbehaving. This would explain why this code was put there in the first place. However, since minerlink does not exist, this functionality is now a liability and should have been removed long ago. -/u/achow101

After my review of the issue, this explanation seems to be the most probable. However, as achow101 mentions, this liability should not have been left in production code.

What does Bitmain have to say?

Bitmain confirms the vulnerability is a result of their Minerlink service in their blog post this morning. Bitmain opens with their strong point that Antminer software is open source (unlike other mining hardware providers) and that the feature was never intended to be malicious. The developers of the feature, who meant to protect miners who have compromised servers, acknowledge and apologize for the sloppiness of leaving parts of this unfinished feature in the code. Bitmain also points out the insecurities present in the current stratum mining software and asks the community to come together to strengthen security.

This feature was intended to allow the owners of Antminer to remotely shut down their miners that may have been stolen or hijacked by their hosting service provider, and to also provide law enforcement agencies with more tracking information in such cases. We never intended to use this feature on any Antminer without authorization from its owner. This is similar to the remote erase or shutdown feature provided by most famous smartphone manufacturers.

However, this feature was never completed. We started to develop this feature since Antminer S7 and wanted to finish its development on the Antminer S9. We hoped to make it a useful feature that we could advertise to our customers. But, due to some technical problems, we were unable to finish the development of this feature and shut down the testing server in December 2016. It is a bug to leave the code there before the feature is fully complete and acknowledged to the users. This bug has now been pointed out in context of Bitcoin’s scaling roadmap debate and has caused considerable misunderstandings within the Bitcoin community. We apologize for this.

-Bitmain official statement

Is Bitmain in the wrong here?

Well, as with anything, true intentions are difficult to tell. However, in this instance, it looks like even though Bitmain was a bit sloppy with the development of a new feature, this is not the malicious takeover of the miners/Bitcoin that many community members are making it out to be. A lot of Bitmain's defense on this issue is that their software is open source. The code for this feature was out there for all Antminer users to see or change for themselves. None of this stops members of the community from attacking Jihan Wu, Bitmain's CEO, for personal reasons.

What this issue really should show the community is how much diversification of the mining ASIC market is needed. With Bitmain supplying a vast majority of the mining hardware, the goal of decentralization we set out for is not achieved, even if Bitmain is the world's most trustworthy company.

Stay decentralized,
Kyle
