Anonymous Security Researcher Uncovers Exploit in Bitmain’s Bitcoin Miner S15
Developer James Hilliard, best known for his Bitcoin Improvement Proposal #91 (the BIP which activated SegWit and prevented SegWit2x) and the CGMiner program, discovered a vulnerability in Bitmain’s Antminer S15 firmware.
The vulnerability was then turned into an exploit by an anonymous security researcher. Hilliard has publicly demonstrated the exploit in action:
@BITMAINtech tried and failed to lock down the S15 firmware, I identified the vulnerability and @00whiterabbit wrote/tested the attack code. Once @BITMAINtech complies with the GPL licenses for the firmware I will disclose the vulnerability to them so that they can fix it. pic.twitter.com/zwsAaPQjRL
— James Hilliard (@james_hilliard) February 12, 2019
The exploit allows an attacker to do basically anything, including modifying the payout address of an exploited miner. A previous vulnerability called “Antbleed” allowed any Antminer to be shutdown remotely, creating an existential risk to the Bitcoin network, which relies heavily on Bitmain hardware.
Read the full story on CCN.com.