Will This Vulnerability Finally Compel Bitmain to Open Source Its Firmware?

As if Bitmain’s year hasn’t been rough enough, having posted big losses and laid off entire departments, its flagship product now has a firmware vulnerability.

A few weeks ago, Bitcoin Core contributor James Hilliard discovered an exploit in Bitmain’s S15 firmware. The pseudonymous Twitter user 00whiterabbit, also known simply as “john,” subsequently wrote exploit code based on Hilliard’s findings. A video proving that the exploit code worked was shared on Hilliard’s Twitter account last week.

Hilliard is offering to disclose the vulnerability to Bitmain but under one condition: Bitmain would have to comply with the GNU General Public License (GNU GPL), the popular open source license that the Chinese mining giant is currently breaching, and open source its firmware.

“Bitmain firmware is very buggy in general,” Hilliard told Bitcoin Magazine, “and it’s important for the health of the Bitcoin network that users be able to fix the bugs Bitmain introduces.”

The Exploit

Hilliard, who is perhaps best known for proposing BIP91, discovered the vulnerability several weeks ago by auditing a firmware update file on Bitmain’s support site. While details have not yet been disclosed, the exploit was found in firmware of the S15, the company’s most powerful SHA256 miner in store. Hilliard thinks the same vulnerability almost certainly exists in all of Bitmain’s mining firmware.

“I’m also quite sure there are many other vulnerabilities in the firmware,” he added. “It is very poorly designed when it comes to security.”

When exploited, the vulnerability gives users root access to the machine — which is supposed to be impossible. In theory, this can be done remotely using just the IP address of the miner, and means the machine can be reprogrammed to do just about anything. This includes mining to a different Bitcoin address or having it stop mining entirely. The firmware could also be replaced by different firmware altogether (such as Braiins OS or Dragonmint firmware).

In practice, however, it’s unlikely the machines can be remotely exploited at all. First, as long as the miner is properly firewalled and/or protected with a strong username and password, it cannot be broken into. Second, without access to the firmware’s source code, it’s difficult to make compatible custom firmware. As such, this specific vulnerability is perhaps not the main issue. “The bigger problem is that Bitmain firmware is generally quite buggy,” said Hilliard.

Indeed, this is not the first time a vulnerability has been found in Bitmain’s firmware. In early 2017, an anonymous security engineer found that almost all Antminer machines could be shut down remotely. Dubbed “Antbleed,” this previous vulnerability could have probably knocked about half of all hash power on the Bitcoin network offline. It was arguably not just a problem for Antminer owners, but a security risk for the entire Bitcoin network.

The License

Hilliard and 00whiterabbit have not released the exploit code — but they are developing a version of it to be released eventually. The two are also willing to disclose the vulnerability to Bitmain, allowing the hardware producer to patch their firmware and fix the vulnerability. But only if Bitmain stops breaching the GNU GPL.

Bitmain’s firmware is built on the Linux operating system as well as cgminer: open source mining software developed by Hilliard and others. Both Linux and cgminer are licensed under the GNU GPL. This widely used open source license allows anyone the freedom to run, study, share and modify the software — under the condition that the resulting software is free, too.

“Legally, therefore, Bitmain’s firmware should be open source as well,” Hilliard explained. “But Bitmain doesn’t seem to care about following copyright law. Unfortunately, closed source firmware is not a good thing to have on the Bitcoin network, as stuff like Antbleed can be hidden in it. It’s a centralization risk.”

It is not very clear why the mining giant is breaching the GNU GPL. Hilliard suspects it is “probably to prevent users from overclocking their machines and support costs associated with that.” Others have suggested Bitmain may prefer to keep its firmware closed source because this makes it harder for attackers to find vulnerabilities.

So far, Bitmain has not commented on the exploit at all, and its firmware is still closed source. As such, there is little reason to believe the company will change its ways now — though Hilliard remains hopeful Bitmain will comply with the GNU GPL and encourages users to file a request to have the code open sourced.

“In the past they have released what appeared to be the real source, presumably because there was public pressure to do so,” Hilliard said. “So, maybe?”

Bitcoin Magazine reached out to Bitmain to ask what the company knew of the vulnerability that Hilliard found and if it had plans to fix it. We also asked if they had any intention of complying with the GNU GPL. In response, a Bitmain spokesperson issued the following statement:

“We are truly grateful to the open-source community in identifying potential vulnerabilities and we are actively investigating the matter. We will continue to do what is necessary to ensure the best and safest possible mining experience for Antminer customers.”

This article originally appeared on Bitcoin Magazine.

Bitmain Unveils Its Latest Energy-Efficient Mining Chip for Bitcoin

China-based mining giant Bitmain has announced a new mining rig that uses less power. The hardware mining manufacturer has launched a 7nm application-specific integrated circuit (ASIC) processor dubbed the BM1397.

Beyond energy efficiency, the new mining processor promises to achieve faster performance for mining cryptocurrencies that use the SHA256 algorithm for their proof of work (PoW), including Bitcoin and its hard forks.

Like the BM1391 chip that came before it, the BM1397 will be powered by the advanced semiconductor manufacturing technology called the 7nm FinFET process, integrating more than a billion transistors and “optimized for maximum efficiency.”

A statement from Bitmain on its blog reads:

“The new BM1397 chip requires lower power and can offer an energy consumption to computing ratio as low as 30J/TH. This is a 28.6 percent improvement in power efficiency in comparison with Bitmain’s previous 7nm chip, the BM1391.”

Since the market crashed last year, cryptocurrency miners have been shutting down operations across the world as it has become less profitable to mine bitcoin with falling prices and fixed energy costs. Bitmain, which has had operational issues of its own, touts its BM1397 as a solution for miners who want to improve the performance of their mining operations. The new 7nm bitcoin mining processor will feature in Bitmain’s soon-to-be-released Antminer mining rigs — the S17 and T17.

Bitmain also unveiled a mining rig for the Equihash algorithm used by privacy-centered crypto Zcash and an Ethereum-focused ASIC miner last year.

At the time, the development of ASIC miners prompted Ethereum’s core developers to agree to implement a new ASIC-blocking algorithm, programmatic proof of work (ProgPoW), which restricts the mining hardware on the network.

Security lead of the Ethereum Foundation, Martin Holst Swende, had noted at the time that implementing the code change would hasten the network’s eventual transition to a proof-of-stake algorithm, where ether is mined by staking coins, not by burning energy.

This article originally appeared on Bitcoin Magazine.

Bitmain Announces New 7nm Bitcoin Mining Chip With 29% More Efficiency

On Feb. 18, mining rig manufacturing giant Bitmain Technologies announced its next-generation 7nm ASIC chip for mining SHA-256 cryptocurrencies like BTC and BCH. According to Bitmain, the mining chip, called the BM1397, is more efficient when mining proof of work (PoW) coins and the new chips will be installed in the latest Antminer series of […]

The post Bitmain Announces New 7nm Bitcoin Mining Chip With 29% More Efficiency appeared first on Bitcoin News.