Owners Of Bitmain’s ASIC Miners Are At Risk Due To Vulnerability
Bitcoin Core developer James Hilliard discovered a vulnerability in the software for Antminer S15 devices that allows attackers to take full control of the ASIC miner. The developer is also convinced that this is not the only version of Bitmain software to include the vulnerability.
@BITMAINtech tried and failed to lock down the S15 firmware, I identified the vulnerability and @00whiterabbit wrote/tested the attack code. Once @BITMAINtech complies with the GPL licenses for the firmware I will disclose the vulnerability to them so that they can fix it. pic.twitter.com/zwsAaPQjRL
— James Hilliard (@james_hilliard) February 12, 2019
A Twitter user going by the nickname @00whiterabbit modeled the attack, which allowed him to replace the payment address, turn off the device, and even completely replace the software. Although the hacker needs to get through a firewall first, S15 devices are at risk of attack.
It is noteworthy that the developer is ready to provide Bitmain with information about the vulnerability only if the company provides its software released under the GNU GPL license. Hilliard is convinced that the mining giant violates the license terms by hiding the code from users.
00whiterabbit added that his exploit was not intended to bypass user authentication. His goal, he stressed, is to return control of the software directly to the miners.
To everyone following: this exploit IS NOT DESIGNED to bypass user authentication, but instead to return control back to legitimate owners of S15s
— White Rabbit (@00whiterabbit) February 20, 2019
Recall that Bitmain introduced the S15 and T15 models, based on the 7-nanometer BM1391 chip, last November. Their prices were $1,475 and $913, respectively.
In September 2018, Braiins Systems introduced open source software for ASIC miners based on the Linux family of operating systems: Braiins OS, or bOS. The company’s blog then published information about the Antbleed backdoor, which allegedly allowed Bitmain to take control of Antminer devices.