What Intel’s Foreshadow Flaw Means for the Future of Cryptocurrency
Yet another terrible security flaw has been announced, one that could have a ripple effect throughout the technology world, including on cryptocurrency projects that plan to leverage specific hardware devices.
The Foreshadow vulnerability affects Intel's Software Guard Extensions (SGX), a special secure area frequently used to store sensitive data. It follows a pair of bugs disclosed earlier this year.
In short, while the area was supposed to be tamper-proof, a group of researchers found a way for an attacker to steal the information stored there.
For many, Meltdown and Spectre were ghastly enough. These bugs affected all Intel chips used in most computers in the world. However, since they were not easy to exploit, there were not many actual attacks.
Foreshadow is narrower in scope because it affects SGX, which is a specific type of Intel hardware. However, because many cryptocurrency projects are planning to use this technology, Foreshadow could have a larger ripple effect on the world of cryptocurrency.
Perhaps most notably, Signal creator Moxie Marlinspike is in the process of proposing a new coin called MobileCoin that is centered on SGX, and has even raised $30 million.
As a result, this project will need to be restructured before it can become a reality.
"Today's findings have had a broad impact on cryptanalysis projects," said Phil Daian, a security researcher at Cornell University, in an interview with CoinDesk.
But the good news is that Intel followed the security world's "responsible disclosure" process in making the bug public. Intel was warned before the bug was revealed, so it was able to distribute fixes a few months ago.
However, the security world is still raising the alarm, because that may not be enough.
Daian adds: "Infrastructure is likely to remain vulnerable to this attack class because many of these systems are slow to upgrade and many of them require related upgrades or hardware upgrades.
"At some point it will be surprising if the taste of this attack is not used to steal decryption."
Good and bad
But there is good news and bad news.
The good news is that no cryptocurrency project seems to be using SGX with real money yet. "My knowledge is not that there is no SGX system in production space or it is widely used in space today," Daian said.
The bad news is that there are a lot of projects that want to use SGX, and it is no exaggeration to say that they plan to do so sooner or later. And the idea is pretty cool.
MobileCoin was probably the most ambitious because project developers wanted to replace metropolitan areas, which is an important part of securing cryptocurrency to build more cryptocurrency.
However, there are many people who want to use SGX for security and privacy.
Enify uses it in its unique bid to increase privacy in smart contracts, and wallet hardware company Ledger has partnered with Intel to use SGX as a new way to store private keys. And the list goes on.
"SGX attacks are fatal," said Patrick McCorry, an associate professor at King's College London, in an interview with CoinDesk magazine. I have been discussing whether it is possible.
"Applications that rely on trusted hardware can compromise integrity and privacy. Many companies in the decryption domain rely on SGX to support multiple party protocols, but this attack can trick any participant," he added.
"In my opinion, good SGX research and systems should assume that hardware can be damaged to some degree, and defensive design and layered security as always," Daian said.
He went on to give advice to companies planning to launch soon.
Projects relying on SGX that are about to launch should carefully evaluate the security impact of Intel's vulnerabilities and updates on their systems and publish those evaluations along with their code, he said.
But the other bad news is that hackers can apply all bugs to similar SGX chips.
McCorry said, "But as Intelligence shows, the attack will be better."
On the other hand, some developers are accused of bugs.
Because Intel has a backdoor on every SGX device, it has long been a controversial technology path for cryptocurrency projects, with critics often claiming that it puts too much authority and trust in the hands of one company.
In short, the Foreshadow vulnerability is a good example of why SGX should not be put at the foundation of a cryptocurrency project.
"We got good results because we did not adopt a specific professor's SGX-based Bitcoin scaling solution!" an anonymous Bitcoin enthusiast wrote on Twitter.
Wladimir van der Laan of Bitcoin Core commented, "Even if it was perfect, it was never a good idea to root Bitcoin's security on chip supplier's secret source technology."
However, most projects using SGX did not actually start in the production environment.
Some researchers claim that most cryptocurrency projects exploring SGX do not actually use real money because Intel has such a bad reputation. The industry is experimenting with this technology, but is too cautious to actually run it.
Some security researchers recommend continuing this trend of avoiding SGX.
But other researchers are optimistic that SGX and similar technologies will one day play a big role in cryptocurrency, and see Foreshadow as part of trusted hardware being battle-tested.
"SGX will need to be repeatedly tested and disconnected by hostile researchers until a strong security rating of several years is required," said Daian, adding that trusted hardware along the lines of SGX can one day play a big (and positive) role in cryptocurrency.
Simply put, he added, it will take some time.
"The realization of this technology ensures that we have high expectations for minimizing trust and scalable privacy over cryptocurrency."
CoinDesk, a leader in blockchain news, is a media outlet that pursues the highest standards of journalism and adheres to strict editorial policies. CoinDesk is an independent operating subsidiary of the Digital Currency Group, which invests in cryptocurrencies and blockchain startups.