
Backdoor in the firmware of Antminer Bitcoin mining hardware - twowo
http://www.antbleed.com/
======
tedivm
The hardware checks in with central bitmain servers to see if the hardware is
"legitimate". The bitmain servers have to explicitly return false to disable
the machines, which is really important because it means that the servers just
being disabled (via a DDoS for example) will not shut down anyone's systems.

That's why redirecting the traffic from "auth.minerlink.com" to point at
"127.0.0.1" is an effective way to bypass the issue. The server (localhost)
isn't responding with false and thus the system stays up and running.

The idea that all machines would be shutdown globally seems a bit excessive.
While possible it would require Bitmain to lose control of their domain
globally, and I imagine an issue like that would get resolved fairly quickly.

That being said it is a bit stupid of bitmain to be doing this, especially if
they aren't even doing it over SSL.
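
The fail-open decision rule described above, as an added example that is not part of the thread and not Bitmain's code. The port, the JSON payload and the "true"/"false" replies are placeholders for whatever the real firmware sends; what the block reproduces is the rule itself: the miner stops only on a literal `false`, so a refused connection (the 127.0.0.1 redirect), a dead server or garbage all keep it hashing, while anyone who can answer the unauthenticated request can switch it off.

```python
"""Fail-open phone-home check, modelled on the behaviour described in the thread.

Added example, not Bitmain's code: the wire format, the JSON payload and the
port are placeholders. The decision rule is the point: stop only on an
explicit "false"; any failure or other payload means keep mining.
"""
import socket
import threading

LOOPBACK = "127.0.0.1"   # what the hosts-file workaround points auth.minerlink.com at


def keep_mining_given(reply):
    """Pure decision rule. `reply` is the bytes received, or None if the
    connection failed (refused, unreachable, timed out)."""
    if reply is None:
        # Nobody said "false": this is why the loopback redirect works and
        # why a DDoS on the auth server does not take miners down.
        return True
    return reply.strip().lower() != b"false"


def should_keep_mining(host, port, timeout=1.0):
    """Do the check-in over TCP and apply the rule above."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b'{"miner":"example"}\n')      # constructed payload
            reply = s.recv(64)
    except OSError:
        reply = None
    return keep_mining_given(reply)


def spin_up_auth_server(reply):
    """One-shot 'auth server' on an ephemeral loopback port that answers `reply`."""
    srv = socket.socket()
    srv.bind((LOOPBACK, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def handle_one():
        conn, _ = srv.accept()
        with conn:
            conn.recv(64)
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=handle_one, daemon=True).start()
    return port


def unused_port():
    """A loopback port with no listener: the 'redirect to 127.0.0.1' case."""
    s = socket.socket()
    s.bind((LOOPBACK, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def run_scenarios():
    """Exercise the cases the thread argues about; True means the miner keeps hashing."""
    return {
        "server_says_true": should_keep_mining(LOOPBACK, spin_up_auth_server(b"true\n")),
        "server_unreachable": should_keep_mining(LOOPBACK, unused_port()),
        "server_says_garbage": should_keep_mining(LOOPBACK, spin_up_auth_server(b"<html>502</html>")),
        # Anyone who can answer the unauthenticated request (MITM, DNS or
        # domain hijack) can send "false" and switch the miner off.
        "mitm_says_false": should_keep_mining(LOOPBACK, spin_up_auth_server(b"false\n")),
    }


if __name__ == "__main__":
    for name, keep in run_scenarios().items():
        print(f"{name:20s} {'keeps mining' if keep else 'SHUT DOWN'}")
```

Running the block stand-alone prints four lines; only `mitm_says_false` ends in `SHUT DOWN`. Note what the rule does not protect against: the check is fail-open for availability, but it is also unauthenticated, so the same property that makes a DDoS harmless makes a spoofed reply fatal.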

~~~
twowowo
They are controlling a huge share of the hashing power themselves. If they
kill all the ASICs that they produced but do not control themselves I think it
is quite likely they would control over 50% of the hash power themselves. That
is a nightmare scenario.

~~~
adambyrtek
"The power to destroy a thing is the absolute control over it." – Dune

~~~
duxup
"Plans within plans"

-Dune

------
haakon
Someone noticed it in September, opened an issue, and got no response.
[https://github.com/bitmaintech/bmminer/issues/7](https://github.com/bitmaintech/bmminer/issues/7)

It also looks like the backdoor may have a remote code execution
vulnerability:
[https://twitter.com/petertoddbtc/status/857340167400587264](https://twitter.com/petertoddbtc/status/857340167400587264)

~~~
clarkmoody
Relevant source code:

[https://github.com/bitmaintech/bmminer/blob/b5de92908498590d...](https://github.com/bitmaintech/bmminer/blob/b5de92908498590d96d333a1e2570eab0eb321d3/driver-btm-c5.c#L7776)

Edit: Nobody cares about the vulnerability until it has a name and a logo :-)

~~~
libria
An 8000+ line C file. I can understand how a single bug might be overlooked
there.

~~~
_coldfire
It wasn't overlooked though. Issue was raised in Sept 2016

[https://github.com/bitmaintech/bmminer/issues/7](https://github.com/bitmaintech/bmminer/issues/7)

------
twowowo
Bitmain is not only the producer of those mining ASICs, it also controls a
huge share of the mining power itself.

If it really can kill a large fraction of the remaining hash power it is quite
likely they would control over 50% themselves.

That is scary! Especially as they are known to act maliciously in other
situations and are opposing the remaining part of the community in the Segwit
vs Bitcoin Unlimited debate.

~~~
deftnerd
Are you the same as "twowo" who posted this, but using a different username?

------
tyingq
The Reddit thread on this seems somewhat evenly divided on whether this is a
real issue:
[https://www.reddit.com/r/btc/comments/67qzsn/antbleed_exposi...](https://www.reddit.com/r/btc/comments/67qzsn/antbleed_exposing_the_malicious_backdoor_on)

Surprising, as it seems like a straightforward, real issue.

~~~
PlaceFan
I think that particular subreddit is being generous about the issue because
they overwhelmingly support the Antminer manufacturer on a completely separate
issue (increased block sizes). That issue is more-or-less the big schism at
the moment between /r/btc and /r/bitcoin.

If that's confusing, as a hypothetical example: You just linked to an
/r/conservative thread about Trump's alleged Russian ties.

The opposing subreddit (i.e. the /r/politics thread) is much less forgiving
about it:
[https://www.reddit.com/r/Bitcoin/comments/67qwqv/antbleed_ex...](https://www.reddit.com/r/Bitcoin/comments/67qwqv/antbleed_exposing_the_malicious_backdoor_on/)

~~~
tyingq
The analogy helps a lot. Funny how that reality distortion field effect kicks
in for something that seems obviously bad.

------
webninja
It appears that Antbleed is a proposed temporary denial of service attack.

 _Even without Bitmain being malicious, the API is unauthenticated and would
allow any MITM, DNS or domain hijack to shutdown Antminers globally.
Additionally the domain in question DNS is hosted by Cloudflare making it
trivially subjected to government orders and state control._

------
olegkikin
Why would Bitmain shut down their customers' hardware? It's a sure way to kill
their (quite successful) brand.

But even if it happens, all you have to do is update the firmware again, and
keep mining.

But let's imagine someone actually does shut down 70% of the mining power.
What's the real consequence? Blocks will be mined somewhat slower (but not
even close to 3 times slower) till the difficulty self-corrects. In the very
worst case that will take 2016 blocks, or 14 days.

~~~
0x0
If you can shut down up to 70% of the mining power, it would make mounting a
51% attack incredibly easy. It would also mean whoever controls the remaining
mining power is in for a treat with block rewards for a while.

~~~
olegkikin
A 51% attack would require the collusion of a large group of miners, and, if
successful, will likely cause a massive price drop. Which is the last thing
miners want.

P.S. And btw, it's >50% attack, not 51% attack. You don't need that whole
extra percent.

~~~
int_19h
> 51% attack would require a collusion of the large group of the miners

If you can shut off 70% of all the miners (because they run backdoored
hardware), then you only need >50% of the remaining 30%, no? Which should be a
lot easier.
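
The arithmetic behind the last few comments, carried through as an added example (not part of the thread): block interval and time to the next retarget when a fraction of the hashrate is switched off, what the retarget clamp does, and an attacker's share of the surviving hashrate. The 10-minute target, 2016-block period and 4x clamp are Bitcoin's real constants; the 70% kill and the 16% attacker are hypotheticals taken from or chosen to match the thread.

```python
"""Kill-switch arithmetic. Added example, not part of the thread.

Protocol constants are Bitcoin's; the 70% and 16% figures are hypothetical.
"""
TARGET_INTERVAL_MIN = 10.0
RETARGET_BLOCKS = 2016
MAX_ADJUST = 4.0          # difficulty may change by at most 4x per retarget


def block_interval_min(fraction_lost):
    """Mean block time while difficulty is still tuned for the full network."""
    return TARGET_INTERVAL_MIN / (1.0 - fraction_lost)


def days_to_next_retarget(fraction_lost, blocks_into_period=0):
    """Worst case (blocks_into_period=0): the kill lands at the start of a period."""
    remaining = RETARGET_BLOCKS - blocks_into_period
    return remaining * block_interval_min(fraction_lost) / (24 * 60)


def difficulty_factor_at_retarget(fraction_lost):
    """Next difficulty = old * expected_time / actual_time, clamped to [1/4, 4]."""
    raw = 1.0 - fraction_lost               # actual_time = expected / (1 - lost)
    return max(1.0 / MAX_ADJUST, min(MAX_ADJUST, raw))


def interval_after_retarget_min(fraction_lost):
    """Block time once difficulty has adjusted; back to 10 min only if the clamp did not bite."""
    return TARGET_INTERVAL_MIN * difficulty_factor_at_retarget(fraction_lost) / (1.0 - fraction_lost)


def attacker_share_after_kill(attacker_fraction, fraction_lost):
    """Share of the surviving hashrate held by an attacker whose own rigs were not killed."""
    if attacker_fraction + fraction_lost > 1.0:
        raise ValueError("attacker and killed shares cannot exceed the whole network")
    return attacker_fraction / (1.0 - fraction_lost)


if __name__ == "__main__":
    for lost in (0.5, 0.7, 0.9):
        print(f"{lost:.0%} killed: {block_interval_min(lost):.1f} min blocks, "
              f"{days_to_next_retarget(lost):.1f} days to retarget, "
              f"{interval_after_retarget_min(lost):.1f} min blocks afterwards")
    print(f"16% of the network after a 70% kill: "
          f"{attacker_share_after_kill(0.16, 0.7):.1%} of what is left")
```

With 70% gone, blocks come every 33.3 minutes and a full retarget period takes about 47 days, after which difficulty drops to 0.3x and the interval returns to 10 minutes. Past a 75% loss the clamp bites and a single retarget is no longer enough. An attacker holding 16% of the original network holds 53% of what survives.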

------
plart
Redirecting auth.minerlink.com to point at 127.0.0.1 is not a permanent way to
bypass the issue.

If the next patch includes a localhost server that can proxy communication to
auth.minerlink.com, the issue returns.

If the next patch updates the url to auth2.minerlink.com (or any other
domain), the issue returns.

If the next patch flips from default-allow to default-deny, all customers will
be out of luck until they patch and come back to the central control
mechanism.

If the next patch implements some form of authentication such that you can't
easily spoof a "True", all customers will be out of luck.

If the remote code execution is used to patch code without the administrator's
knowledge/permission (haakon has a link saying remote code execution is
possible) any/all of the above are trivially easy to take advantage of.

Lastly - my understanding of bitcoin is a little fuzzy, but I believe with 50%
of the computing power, you can rewrite transactions as you please, capturing
as many bitcoin as you want. If you had a plan to not centralize those
accounts, it would be extremely difficult to sort out.

~~~
deweller
You cannot rewrite or otherwise change transactions with a 51% attack, nor can
you capture any bitcoin.

You can, however, deny certain (or all) transactions from being mined into a
block. And you can exclude past transactions if you can overtake the current
longest chain. But rewriting history to exclude past transactions would
require more than 51% of the hashing power. The further back you go, the more
power it will require to overtake the longest chain.

~~~
sanswork
Yes you can. Rewriting a transaction is exactly what a double spend is.

~~~
deweller
Yes - for your own coins.

You can re-spend the coins that you own and send them to another location and
invalidate one of your own spends.

You cannot rewrite or modify any other transactions that you do not hold the
private keys for. You can only withhold them from a block.

------
runeks
Can someone explain why Bitmain controls such a large share of the global
hashing power? Why can't competitors produce Bitcoin mining chips as good as
Bitmain's? Is the case simply that Bitmain were first with 16nm-based miners,
and when everyone else get there too, Bitmain will have no advantage left?

~~~
pmorici
There were many, many other companies in the market 3 years ago, but they all
went bust because they all scammed their customers in one way or another.
Antminer was the only one that didn't follow shady business practices; that is
the main reason they are still around. The reason a segment of the bitcoin
world likes to hate on them is because they are an outspoken supporter of
bigger blocks, and bigger blocks threaten the business plan of certain
non-mining interests.

~~~
nadaviv
> The reason a segment of the bitcoin world likes to hate on them is because
> they are an outspoken supporter of bigger blocks and bigger block threatens
> the business plan of certain non-mining interests.

I think that people are primarily pissed with them for blocking SegWit for
absolutely no good reason [0], against the wishes of the industry and
community.

[0] one potential explanation is that SegWit blocks a covert performance boost
that Bitmain secretly built into their ASICs.
[https://bitcoinmagazine.com/articles/breaking-down-bitcoins-...](https://bitcoinmagazine.com/articles/breaking-down-bitcoins-asicboost-scandal-solutions/)

~~~
h1d
> against the wishes

Since when do businesses have to play nice along others' wishes?

Stop blaming financial incentives...

While they have been acting somewhat hostile to the rest of the community,
this "please be nice even by sacrificing yourself or you're evil" sounds crap
as a real world claim.

------
rbobby
Statement from the company: [https://blog.bitmain.com/en/antminer-firmware-update-april-2...](https://blog.bitmain.com/en/antminer-firmware-update-april-2017/)

tldr; Code left behind from abandoned feature implementation to allow owners
to remotely shutdown miners that have been stolen/misappropriated. Our bad...
sorry.

------
fpgaminer
I wonder if YC would fund a new Bitcoin mining ASIC startup. I often regret
not being able to pivot my previous company from FPGAs into ASICs :/

~~~
pcwalton
I hope not. From a business point of view, Bitcoin and hardware are both
risky; putting the two together is exceptionally so. From an ethical point of
view, the environmental impact of large-scale Bitcoin mining is a real
problem.

~~~
CyberDildonics
> the environmental impact of large-scale Bitcoin mining is a real problem

This is completely ridiculous. I've never seen anyone supply numbers to
remotely back this up. A few people have linked to a blog post that through
extrapolation and gross misunderstanding asserted that bitcoin mining used up
as much electricity as all of Ireland (let's use our very best judgement).

The truth is the financial industry is 8% of GDP. How much power does it take
to air condition all the banks of world?

Beyond that there is the fact that not all electricity has significant
environmental impact and the fact that bitcoin mining ends up happening in
places where electricity is the cheapest and most plentiful, which means it
probably is not being generated with coal or oil.

This assertion is an enormous detachment from reality based on gut feeling.

~~~
fpgaminer
Alright, well, here's some math.

The Bitcoin network hashrate is currently at ~3,800,000,000 GH/s. The most
efficient miners are at ~0.1W/GH. So the Bitcoin network, at its most
efficient, would be using 380,000,000 Watts right now.

I'm not sure what to compare that against. I looked up and found this article:
[https://www9.nationalgridus.com/non_html/shared_energyeff_of...](https://www9.nationalgridus.com/non_html/shared_energyeff_office.pdf)

That article says that office buildings use ~1.53 Watts per square foot to
cool the building (that's an average 1.53 throughout the year). So the power
used to secure the Bitcoin network is equal to cooling ~248 million square
feet of office space. Sounds like a lot, but pulling up a random office
building, 55 Water Street, I see it's 3.5 million square feet.

The U.S. as a whole uses 446,689,497,716 Watts on average. So Bitcoin is using
0.085% of the total U.S. power consumption. Or, 0.015% of world power
consumption.

I have no idea if what we are currently spending on the Bitcoin network, in
terms of natural resources, is more or less efficient than our current banking
system. But those are the numbers.

Personally, I don't think any of it is relevant. Reducing energy consumption
should not be the primary focus of our species. We should focus on increasing
sustainable energy _production_. Energy production is a core attribute of our
economy and our civilization. It may even be the _most_ important thing to us,
as a growing species. Obviously reducing waste when we can is good, but I'd
rather expend the majority of our resources building out solar installations
than quibbling about whether Bitcoin is power efficient or not.

~~~
snowwindwaves
Generally a house that isn't electrically heated or cooled uses 1 kWh per
hour. So 380 megawatts for Bitcoin mining is around the same amount of
energy that 380,000 houses would use on a nice day.

------
derimagia
As usual please make sure you link to github links directly.

"[https://github.com/bitmaintech/bmminer/blob/master/driver-bt...](https://github.com/bitmaintech/bmminer/blob/master/driver-btm-c5.c#L7755-L7756)"

If the file is edited that link is useless. Even worse, removed or moved.

Press "y" and you get:
[https://github.com/bitmaintech/bmminer/blob/b5de92908498590d...](https://github.com/bitmaintech/bmminer/blob/b5de92908498590d96d333a1e2570eab0eb321d3/driver-btm-c5.c#L7755-L7756)

~~~
sah2ed
Never knew of that keyboard shortcut for GitHub.

Thanks for sharing.

------
tyingq
Looks like they also took down auth.minerlink.com ... at least it doesn't
resolve to anything for me.

~~~
haakon
It doesn't resolve yet. The idea is that they could set it up, thus activating
the backdoor.

------
ReligiousFlames
"Sell them coin-operated shovels that we can remotely disable". Until they get
caught. Oops.

------
twexler
I'm not sure what's worse about this:

1\. The fact that it exists

2\. The fact that they're using "something" bleed as the name (creativity,
please)

3\. That whoever created this page recommends the user alter the miner to
point to some other, user-controlled HTTP server, effectively MITMing anyone
who sees this page.

Shame.

~~~
benchaney
>2\. The fact that they're using "something" bleed as the name (creativity,
please)

Seriously, it isn't even a data leak.

~~~
acchow
bleed is a nod to the vuln "heartbleed", not to leaks.

~~~
joshstrange
Incorrect, heartbleed caused leaks from the servers affected. This is not even
a vulnerability, it's just a stupid design decision that someone can MitM.

~~~
biot
This issue should have been called Ant-in-the-Middle.

~~~
joshstrange
That's actually a great name for it or something along the lines of
killswitch. Maybe AntKill or MinerRaid.

------
lossolo
You would need to be MiTM to exploit that. This "backdoor" will probably have
almost no effect; it's interesting that someone made a special site just for
it..

~~~
haakon
They haven't made it hard; the phone-home is unauthenticated, so you could
just spoof someone's DNS for instance.

But even if a third-party exploit were impossible, it's a real problem if one
company actually has a kill switch for 70% of Bitcoin's hashing power.

------
DonbunEf7
As usual, this is a strong lesson for those who haven't considered capability-
safe designs. A big pile of C carrying many libc calls is pretty hard to
audit!

~~~
b1naryth1ef
Bad and hard to grok code can be created in any language. Even more-so in
languages that have more syntax complexity than C.

~~~
DonbunEf7
The point of capability-secure design is that it's possible to prove that a
chunk of code, regardless of its nastiness, _cannot_ take certain actions.

In particular, in this case, it sounds like the offending code:

* Makes outgoing connections with sockets

* Alters the flow of execution outside its scope

Both of these flaws can be mitigated if the ability to do these things is
_closely-held_ and not available to all code.

It's true that object-capability languages like E, Monte, Pony, etc. cannot
stop you from writing bad code. But they can automatically prove that your
code only is as bad as it appears to be, and not any worse via skulduggery.

~~~
TD-Linux
This code is running on a dedicated Zynq SoC on the miner, where it's treated
more as "firmware". Any capability based system running on this SoC would be
designed by Bitmain, so they could just backdoor it as well. In addition, the
software is _required_ to make outgoing connections, for the stratum mining
protocol.

------
gnu8

      Standard inbound firewall rules will not protect against this because the Antminer makes outbound connections.
    

What kind of idiot doesn't have outbound firewall rules, particularly on their
production mining network?

~~~
tedivm
You'd need a bit more than a standard IP firewall since the auth server can
simply be moved to a different IP address. The best way to truly block it
would be to block it directly on the nameservers for the network.

~~~
gnu8
The proper outbound firewall configuration would be default-deny with outbound
connections allowed only to the hosts required. That way Antminer would have
to somehow take over an IP address that was already whitelisted and run their
auth server on it.
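
The two egress strategies argued over above, run over constructed logs as an added example (not from the thread): an IP blocklist, which tedivm notes fails as soon as the check-in server moves, and gnu8's default-deny allowlist, which flags any destination the miners have no business reaching. A resolver-log check for lookups of the check-in hostname is included because plart's point about a renamed host (auth2.minerlink.com) applies to DNS sinkholes too. The VLAN, pool endpoints, addresses (RFC 5737 ranges) and both log formats are made up for the example.

```python
"""Egress audit for a miner VLAN. Added example; addresses, hostnames and log
formats are constructed, not taken from any real deployment."""
import ipaddress

MINER_NET = ipaddress.ip_network("10.10.0.0/24")                   # assumed miner VLAN
POOL_ENDPOINTS = {("203.0.113.10", 3333), ("203.0.113.11", 3333)}  # assumed stratum pool
EXPECTED_QNAMES = {"pool.example.net", "ntp.example.net"}          # assumed allowed lookups

# Constructed firewall log, one accepted outbound flow per line: src dst dport
CONN_LOG = """\
10.10.0.7 203.0.113.10 3333
10.10.0.7 198.51.100.23 7000
10.10.0.9 203.0.113.11 3333
10.10.0.9 198.51.100.77 7000
192.168.1.5 198.51.100.23 7000
"""

# Constructed resolver query log: client qname
DNS_LOG = """\
10.10.0.7 pool.example.net
10.10.0.7 auth.minerlink.com
10.10.0.9 pool.example.net
10.10.0.9 auth2.minerlink.com
"""


def parse_flows(log):
    """Yield (src, dst, dport) for each non-empty line of the constructed log."""
    for line in log.splitlines():
        if line.strip():
            src, dst, dport = line.split()
            yield src, dst, int(dport)


def miner_flows(log):
    """Only flows whose source sits inside the miner VLAN."""
    return [f for f in parse_flows(log) if ipaddress.ip_address(f[0]) in MINER_NET]


def blocklist_misses(log, blocked_ips):
    """Non-pool flows from miners that an IP blocklist still lets through:
    the auth server moved to another address, so the rule no longer matches."""
    return [f for f in miner_flows(log)
            if (f[1], f[2]) not in POOL_ENDPOINTS and f[1] not in blocked_ips]


def default_deny_violations(log):
    """Every miner flow that is not to an allowlisted pool endpoint. With a
    default-deny policy these would have been dropped, wherever the server lives."""
    return [f for f in miner_flows(log) if (f[1], f[2]) not in POOL_ENDPOINTS]


def unexpected_lookups(log):
    """Miner DNS queries for names outside the expected set; catches a renamed
    check-in host that a sinkhole for the old name would miss."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        client, qname = line.split()
        if ipaddress.ip_address(client) in MINER_NET and qname.lower() not in EXPECTED_QNAMES:
            hits.append((client, qname))
    return hits


if __name__ == "__main__":
    print("IP blocklist for 198.51.100.23 still misses:",
          blocklist_misses(CONN_LOG, {"198.51.100.23"}))
    print("Default-deny would have blocked:", default_deny_violations(CONN_LOG))
    print("Unexpected DNS lookups from miners:", unexpected_lookups(DNS_LOG))
```

The non-miner host 192.168.1.5 is ignored by every check, which is deliberate: the allowlist is scoped to the mining VLAN, not the whole network. Whether the flow is a phone-home or something else, a stratum-only allowlist never needs to know the check-in server's name or address.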

