
Backdoor Code Discovered in Popular Bitcoin Mining Equipment

I came across the article. Anyone who mines with Bitmain Antminers should see this article. Hope this helps :D

"Antbleed is a backdoor introduced by Bitmain into the firmware of their bitcoin mining hardware Antminer.

The firmware checks in with a central service randomly every 1 to 11 minutes. Each check-in transmits the Antminer serial number, MAC address and IP address. Bitmain can use this check-in data to cross-check against customer sales and delivery records, making it personally identifiable. The remote service can then return "false", which will stop the miner from mining.

The patch was introduced here (pastebin) and can be seen in the source: here (github)

At worst, this firmware backdoor allows Bitmain to shut off a large section of the global hashrate (estimated to be at up to 70% of all mining equipment). It can also be used to directly target specific machines or customers. Standard inbound firewall rules will not protect against this because the Antminer makes outbound connections.

Even without Bitmain being malicious, the API is unauthenticated and would allow any MITM, DNS or domain hijack to shut down Antminers globally. Additionally, the DNS for the domain in question is hosted by Cloudflare, making it trivially subjected to government orders and state control."

"Around 70% of Bitcoin hashrate affected

Bitcoin Core developer Peter Todd says "any MITM attacker or DNS attacker can activate it [Antbleed backdoor]" as there is no authentication mechanism included in the firmware."

 

https://www.bleepingcomputer.com/news/security/backdoor-code-discovered-in-popular-bitcoin-mining-equipment/

http://www.antbleed.com/

 


Edited by MrBurnZZ
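Because the check-in described in the quoted text is an outbound connection repeated every 1 to 11 minutes, it can be looked for in egress logs. The following is an added example, not part of the original post or the linked article: it assumes a log of `<epoch seconds> <source ip> <destination host>` lines, uses the placeholder host `checkin.example.invalid` because the post does not name the domain, and assumes a threshold of five connections.

```python
from collections import defaultdict

# Check-in window described in the post: randomly every 1 to 11 minutes.
MIN_GAP_S, MAX_GAP_S = 60, 660
MIN_EVENTS = 5  # assumption: require a few repeats before calling it a pattern

# Constructed sample egress log: "<epoch seconds> <source ip> <destination host>".
# All hosts, addresses and times are invented; checkin.example.invalid is a placeholder.
SAMPLE_LOG = """\
1000 10.0.0.21 checkin.example.invalid
1000 10.0.0.21 pool.example.invalid
1185 10.0.0.21 checkin.example.invalid
1790 10.0.0.21 checkin.example.invalid
1900 10.0.0.22 updates.example.invalid
2050 10.0.0.21 checkin.example.invalid
2600 10.0.0.21 checkin.example.invalid
5500 10.0.0.22 updates.example.invalid
9100 10.0.0.22 updates.example.invalid
9150 10.0.0.21 pool.example.invalid
"""

def parse(log_text):
    """Group connection timestamps by (source, destination)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines rather than guess at their meaning
        seen[(parts[1], parts[2])].append(int(parts[0]))
    return seen

def find_checkins(log_text, min_events=MIN_EVENTS):
    """Return (source, destination, gaps) where every gap fits the 1-11 minute window."""
    hits = []
    for (src, dst), times in sorted(parse(log_text).items()):
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        if len(times) >= min_events and all(MIN_GAP_S <= g <= MAX_GAP_S for g in gaps):
            hits.append((src, dst, gaps))
    return hits

if __name__ == "__main__":
    for src, dst, gaps in find_checkins(SAMPLE_LOG):
        print(f"{src} -> {dst}: {len(gaps) + 1} connections, gaps {gaps}")
```

Any service that polls at an interval inside the same window will also match, so the output is a list of destinations to review against what the device is expected to contact.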

Thanks for the fix, moved back to the new section ;)


Umm... the linked article also says this.

"UPDATE [April 28, 2016]: Bitmain has issued a firmware update that removes the backdoor code. The company explained in a blog post the reasons the code was included in the firmware in the first place, and apologized to customers."


22 minutes ago, DLex said:

Umm... the linked article also says this.

"UPDATE [April 28, 2016]: Bitmain has issued a firmware update that removes the backdoor code. The company explained in a blog post the reasons the code was included in the firmware in the first place, and apologized to customers."

it says what?

 

Blog Post?


2 minutes ago, Prysin said:

it says what?

 

Blog Post?

It says the backdoor was already patched as of last year.


36 minutes ago, DLex said:

Umm... the linked article also says this.

 

"UPDATE [April 28, 2016]: Bitmain has issued a firmware update that removes the backdoor code. The company explained in a blog post the reasons the code was included in the firmware in the first place, and apologized to customers."

Glad to see why they did it and that they fixed this issue quickly.


39 minutes ago, Prysin said:

it says what?

 

Blog Post?

The reason, they say, was that there were 3 incidents where a very large number of miners were stolen or withheld by others from their customers.


3 hours ago, NumLock21 said:

It says the backdoor was already patched as of last year.

Doing a quick search shows this happened in April 2017, somehow they got the year wrong.
