When it comes to vulnerabilities that can affect cryptocurrency users, most think about exchange hacks, malware infections and wallet vulnerabilities. However, there is one vulnerability that has escaped scrutiny despite the wide implications.
The vulnerability is a hardware issue that effects Intel CPUs which are the brains of every computer / server. Intel is also the foremost CPU maker in the world and as such, the vulnerability could be quite broad.
For example, there is a large chance that right now your PC is running an Intel chip. But how does this really effect those in the cryptocurrency community?
Specifics of the Vulnerability
The vulnerability is termed a “zero day” vulnerability which means that it is one that has existed since the release of these particular chips. While there have been no reports of it being used before, there is no way of really knowing if it has.
The flaw itself effects the Kernel of the operating system. This is essentially the “brain” of the OS and facilitates some of the most fundamental processes. In this case, there appears to be a memory leak from the Kernel.
This memory leak can be catastrophic as it allows malicious actors to access data from the memory in the kernel. Hence, some local exploit like Malware could theoretically extract sensitive information such as private keys and passwords.
What makes this much worse is that the vulnerability is a hardware issue and there is no easy fix. It would be a logistical impossibility to replace all of the vulnerable chips. Hence, it would have to be a software patch.
Given how quickly Microsoft and Linux have rolled out patches to the exploit, one can only assume that they also view the vulnerability as particularly severe.
How it Could Affect Crypto
There are three places in which this vulnerability could affect those in the cryptocurrency space. It could affect users, exchanges and those who mine cryptocurrency.
There are some theoretical risks that the user could face from this vulnerability. The vulnerability could allow malware or malicious scripts in another program or process to access sensitive kernel memory areas and extract it.
While this may be worrying, it would still rely on the user visiting a questionable site that has malicious code on it.
Large exchanges with millions of dollars of cryptocurrency on their books have a lot more to worry about from this vulnerability. This is because for large server farms and data centres that operate virtual machines and cloud computing environments.
For example, Amazon EC2, Google Compute Engine and Microsoft Azure. Many exchanges make use of these services and as such could be exposed to the hardware flaws. Sensitive user information and private keys to hot wallets are some of the most exposed data.
This is something that the exchanges themselves are particularly aware of. In a blog post from the engineering team at Coinbase they explained the numerous security protocols they have in place to guard from any breaches. They said
Coinbase maintains an aggressive vulnerability management program. As rumors of this vulnerability emerged several days ago, we began preparing for a few different potential vulnerability types
While the large Bitcoin mining farms these days operate ASICs such as the Antminer or the Dragonmint, the vulnerability may to affect smaller CPU mining rigs.
The threat to the CPU miners is not so much from the exploit itself but from the patches. According to a tweet from the Register, these patches are likely to slow down performance by between 17%-23%.
PostgreSQL SELECT 1 with the KPTI workaround for Intel CPU vulnerability https://t.co/N9gSvML2Fo
Best case: 17% slowdown
Worst case: 23%
— The Register (@TheRegister) January 2, 2018
This means that the patch could have some effect on the speed of the processing for the mining tasks. Hence the miners will either run the risk with the vulnerability, upgrade and accept impeded performance or buy new hardware.
However, there is also the possibility that miners are unlikely to feel much of the impact as the number crunching the processors do rely more on raw power than on the memory.
Lessons to Be Learned
In this case, the security issue lies with Intel. Thankfully they were able to identify it themselves and it has not come about as a result of a severe hack.
Users and exchanges could not have done anything to protect themselves prior to the vulnerability disclosure. The best response now would be to update your operating system and hope that the exchanges are taking the necessary security steps.
However, this once again demonstrates the importance of secure cold storage for all of your large cryptocurrency holdings. Cryptocurrency that is either stored on a piece of paper or in a hardware wallet cannot be exploited by your PC’s CPU.
Featured Image via Fotolia