Discovery of vulnerability Foreshadow impacts future of cryptocurrencies

in busy •  6 years ago 

Another serious security flaw was unveiled on Tuesday, August 14, with potentially far-reaching effects throughout the world of technology, including cryptocurrency projects that seek to take advantage of certain hardware devices.

Following a couple of bugs revealed earlier this year, the Foreshadow vulnerability affects all Intel Software Guard Extensions (SGX) enclaves, a special, supposedly extra-secure region of the chip that is often used to store confidential data.

Although the enclave is supposed to be invulnerable, a group of researchers found a way for an attacker to steal the information it stores.

For many, Meltdown and Spectre were scary enough. The errors affected every Intel chip, the hardware that powers most of the world's computers. But since they were not so easy to exploit, there were not many attacks in the real world.

Foreshadow might not sound that bad, because it affects a more specific type of Intel hardware: SGX. However, since many cryptocurrency projects plan to use this technology, Foreshadow could have even worse ramifications for the world of cryptocurrencies.

By the way, the creator of Signal, Moxie Marlinspike, is advising a new, supposedly greener currency called MobileCoin, which places SGX at its center and has even raised US$30 million for its development.

Consequently, these projects must be restructured before their actual launch.

"The findings published today have a major impact on cryptocurrency projects," Cornell University security researcher Phil Daian told CoinDesk.

The good news, however, is that the researchers followed the security world's "responsible disclosure process" for bugs, alerting Intel before going public so that the company could find a solution (which was implemented a few months ago), although the world of security is making a lot of noise because it might still not be enough.

"Because many of these systems are slow to update and because many of these solutions involve existing hardware or new versions of it, it is likely that the infrastructure will remain vulnerable to this kind of attack for a long time," said Daian, adding:

"It would be surprising if at some point this type of attack is not used to steal cryptocurrencies."

But there is good and bad news ...

On the one hand, it seems that none of the high-profile SGX projects in cryptocurrencies are yet being used to secure real money. "As far as I know, there is no SGX system in production or widespread use in the space today," said Daian.

The bad news is that there are many projects that want to use SGX, and maybe they even have plans to do it soon. And the ideas are great.

MobileCoin is perhaps the most ambitious, as the developers of the project want to replace the miners, a crucial part of securing any cryptocurrency, with these enclaves to build a cryptocurrency with greater energy efficiency, and there are many others who want to use SGX for their security and privacy gains.

Enigma is using it in a unique bid to increase privacy in smart contracts, while Ledger, the hardware wallet company, even partnered with Intel to explore the use of SGX as a new way to store private keys. And the list goes on.

Enigma argued, however, that the impact of the error has been exaggerated.

"Like any software or hardware, the discovery and resolution of potential vulnerabilities is a normal and expected part of the development process. In this case, the vulnerability has already been addressed by Intel and in no way diminishes the potential of the SGX technology," said Guy Zyskind, CEO and co-founder of Enigma, in a statement.
