When it comes to vulnerabilities that can affect cryptocurrency users, most think about exchange hacks, malware infections and wallet vulnerabilities. However, there is one vulnerability that has escaped scrutiny despite the broad implications.
The vulnerability is a hardware kwestie that effects Intel CPUs which are the brains of every rekentuig / server. Intel is also the foremost CPU maker ter the world and spil such, the vulnerability could be fairly broad.
For example, there is a large chance that right now your PC is running an Intel chip. But how does this indeed effect those ter the cryptocurrency community?
Specifics of the Vulnerability
The vulnerability is termed a “zero day” vulnerability which means that it is one that has existed since the release of thesis particular chips. While there have bot no reports of it being used before, there is no way of truly knowing if it has.
The flaw itself effects the Kernel of the operating system. This is essentially the “brain” of the OS and facilitates some of the most fundamental processes. Ter this case, there shows up to be a memory leak from the Kernel.
This memory leak can be catastrophic spil it permits malicious actors to access gegevens from the memory te the kernel. Hence, some local exploit like Malware could theoretically samenvatting sensitive information such spil private keys and passwords.
What makes this much worse is that the vulnerability is a hardware punt and there is no effortless fix. It would be a logistical impossibility to substitute all of the vulnerable chips. Hence, it would have to be a software patch.
Given how quickly Microsoft and Linux have spinned out patches to the exploit, one can only assume that they also view the vulnerability spil particularly severe.
How it Could Affect Crypto
There are three places ter which this vulnerability could affect those ter the cryptocurrency space. It could affect users, exchanges and those who mine cryptocurrency.
There are some theoretical risks that the user could face from this vulnerability. The vulnerability could permit malware or malicious scripts ter another program or process to access sensitive kernel memory areas and samenvatting it.
While this may be worrying, it would still rely on the user visiting a questionable webpagina that has malicious code on it.
Large exchanges with millions of dollars of cryptocurrency on their books have a lotsbestemming more to worry about from this vulnerability. This is because for large server farms and gegevens centres that operate virtual machines and cloud computing environments.
For example, Amazon EC2, Google Compute Engine and Microsoft Azure. Many exchanges make use of thesis services and spil such could be exposed to the hardware flaws. Sensitive user information and private keys to hot wallets are some of the most exposed gegevens.
This is something that the exchanges themselves are particularly aware of. Ter a blog postbode from the engineering team at Coinbase they explained the numerous security protocols they have te place to guard from any breaches. They said
Coinbase maintains an aggressive vulnerability management program. Spil rumors of this vulnerability emerged several days ago, wij began preparing for a few different potential vulnerability types
While the large Bitcoin mining farms thesis days operate ASICs such spil the Antminer or the Dragonmint, the vulnerability may to affect smaller CPU mining equipments.
The threat to the CPU miners is not so much from the exploit itself but from the patches. According to a tweet from the Register, thesis patches are likely to slow down voorstelling by inbetween 17%-23%.
PostgreSQL SELECT 1 with the KPTI workaround for Intel CPU vulnerability https://t.co/N9gSvML2Fo
Best case: 17% slowdown
This means that the patch could have some effect on the speed of the processing for the mining tasks. Hence the miners will either run the risk with the vulnerability, upgrade and accept impeded spectacle or buy fresh hardware.
However, there is also the possibility that miners are unlikely to feel much of the influence spil the number crunching the processors do rely more on raw power than on the memory.
Lessons to Be Learned
Te this case, the security kwestie lies with Intel. Gratefully they were able to identify it themselves and it has not come about spil a result of a severe hack.
Users and exchanges could not have done anything to protect themselves prior to the vulnerability disclosure. The best response now would be to update your operating system and hope that the exchanges are taking the necessary security steps.
However, this once again demonstrates the importance of secure cold storage for all of your large cryptocurrency holdings. Cryptocurrency that is either stored on a lump of paper or te a hardware wallet cannot be exploited by your PC’s CPU.
Featured Pic via Fotolia
- Posted ter: Analysis, News
- Tagged te: Coinbase, CPU, Intel, Vulnerability, Zero-day
Posted by Editorial Team
Editors at large. Posting the latest news, reviews and analysis to kasstuk the blockchain.