    Bitcoin’s secret bug – INVDoS rediscovered 2 years after fixing it

    In 2018, a security researcher found a significant vulnerability in Bitcoin Core, the software that powers the Bitcoin blockchain. After reporting the issue and having it fixed, the researcher chose to keep the details confidential so that attackers could not exploit it.

    Technical details were disclosed earlier this week after a similar weakness was independently found in another cryptocurrency, one based on an older version of the Bitcoin code that had not received the fix.

    Referred to as INVDoS, the weakness is a classic denial-of-service (DoS) vulnerability. While DoS attacks are harmless in many cases, they are not for internet-reachable systems, which need reliable uptime in order to process transactions. INVDoS was discovered in 2018 by Braydon Fuller. Fuller observed that an attacker could create malformed Bitcoin transactions that, when processed by Bitcoin blockchain nodes, would lead to uncontrolled consumption of the server’s memory resources, which would ultimately crash affected systems.

    “At the time of the discovery, this represented more than 50% of publicly-advertised Bitcoin nodes with inbound traffic, and likely a majority of miners and exchanges,” Fuller said.

    Likewise, Bitcoin nodes running Bcoin and Btcd were also affected by the same bug. Other cryptocurrencies that were built on the original Bitcoin protocol, such as Litecoin and Namecoin, were also affected.

    Fuller said the bug was harmful because it could “contribute to a loss of funds or revenue.”

    “This could be through a loss of mining time or expenditure of electricity by shutting down nodes and delaying blocks or causing the network to temporarily partition,” he said.

    Bug re-discovered two years later

    The INVDoS bug was reported and patched at the time under the generic identifier CVE-2018-17145, which did not include many details, so as not to tip off attackers. Nonetheless, the same bug was discovered again over the summer by Javed Khan, another Bitcoin protocol engineer, while he was searching for bugs in the Decred cryptocurrency.

    The full details of INVDoS were disclosed earlier this week so that other cryptocurrencies that forked older versions of the Bitcoin protocol could check whether they were affected as well.

    “There has not been known exploitation of this vulnerability in the wild,” Fuller and Khan said. “Not as far as we know.”
