Hole made it possible to trick users into double spending and hack smart contracts. Developers of Ethereum, the world’s No. 2 digital currency by market capitalization, have closed a serious security hole that allowed virtually anyone with an Internet connection to manipulate individual users’ access to the publicly accessible ledger.
So-called eclipse attacks work by preventing a cryptocurrency user from connecting to honest peers. Attacker-controlled peers then feed the target a manipulated version of the blockchain the entire currency community relies on to reconcile transactions and enforce contractual obligations. Eclipse attacks can be used to trick targets into paying for a good or service more than once and to co-opt the target’s computing power to manipulate algorithms that establish crucial user consensus. Because Ethereum supports “smart contracts” that automatically execute transactions when certain conditions in the blockchain are present, Ethereum eclipse attacks can also be used to interfere with those self-enforcing agreements.
Like most cryptocurrencies, Ethereum uses a peer-to-peer mechanism that compiles input from individual users into an authoritative blockchain. In 2015 and again in 2016, separate research teams devised eclipse attacks against Bitcoin that exploited P2P weaknesses. Both were relatively hard to pull off. The 2015 attack required a botnet or a small ISP that controlled thousands of devices, while the 2016 attack relied on the control of huge chunks of Internet addresses through a technique known as border gateway protocol hijacking. The demands made it likely that both attacks could be carried out only by sophisticated and well-resourced hackers.
Attention script kiddies
Many researchers believed that the resources necessary for a successful eclipse attack against Ethereum would considerably higher than the Bitcoin attacks. After all, Ethereum’s P2P network includes a robust mechanism for cryptographically authenticating messages and by default peers establish 13 outgoing connections, compared with eight for Bitcoin. Now, some of the same researchers who devised the 2015 Bitcoin attack are back to set the record straight. In a paper published Thursday, they wrote:
We demonstrate that the conventional wisdom is false. We present new eclipse attacks showing that, prior to the disclosure of this work in January 2018, Ethereum’s peer-to-peer network was significantly less secure than that of Bitcoin. Our eclipse attackers need only control two machines, each with only a single IP address. The attacks are off-path-the attacker controls endhosts only and does not occupy a privileged position between the victim and the rest of the Ethereum network. By contrast, the best known off-path eclipse attacks on Bitcoin require the attacker to control hundreds of host machines, each with a distinct IP address. For most Internet users, it is far from trivial to obtain hundreds (or thousands) of IP addresses. This is why the Bitcoin eclipse attacker envisioned [in the 2015 research] was a full-fledged botnet or Internet Service Provider, while the BGP-hijacker Bitcoin eclipse attacker envisioned [in the 2016 paper] needed access to a BGP-speaking core Internet router. By contrast, our attacks can be run by any kid with a machine and a script.
Raising the bar
In January, the researchers reported their findings to Ethereum developers. They responded by making changes to geth, the most popular application supporting the Ethereum protocol. Ethereum users who rely on geth should ensure they’ve installed version 1.8 or higher. The researchers didn’t attempt the same attacks against other Ethereum clients. In an email, Ethereum developer Felix Lange wrote:
“We have done our best to mitigate the attacks within the limits of the protocol. The paper is concerned with ‘low-resource’ eclipse attacks. As far as we know, the bar has been raised high enough that eclipse attacks are not feasible without more substantial resources, with the patches that have been implemented in geth v1.8.0.” Lange went on to say he didn’t believe another popular Ethereum app called Parity is vulnerable to the same attacks.
The paper, titled Low-Resource Eclipse Attacks on Ethereum’s Peer-to-Peer Network, described two separate attacks. The simplest one relied on two IP addresses, which each generate large numbers of cryptographic keys that the Ethereum protocol uses to designate peer-to-peer nodes. The attacker then waits for a target to reboot the computer, either in the due course of time, or after the hacker sends various malicious packets that cause a system crash. As the target is rejoining the Ethereum network, the attacker uses the pool of nodes to establish incoming connections before the target can establish any outgoing ones.
The second technique works by creating a large number of attacker-controlled nodes and sending a special packet that effectively poisons the target’s database with the fraudulent nodes. When the target reboots, all of the peers it connects to will belong to the attacker. In both cases, once the target is isolated from legitimate nodes, the attacker can present a false version of the blockchain. With no peers challenging that version, the target will assume the manipulated version is the official blockchain.
It’s about time