Security Researchers to Introduce a “Purposefully Vulnerable” Blockchain

Blockchain vulnerabilities pose a serious threat and cyber-security company Kudelski Security wants to raise awareness on this exact problem. During next month’s Black Hat conference, the people at Kudelski will present the first ever intentionally vulnerable blockchain.

As Nathan Hamiel, Kudelski’s head of cyber-security research explained, the aim of their FumbleChain project is to highlight vulnerabilities in blockchain ecosystems. The whole project is following the idea to be easily readable and modifiable by users – it is written in Python 3.0. In addition it is modular, making it easy for users to add challenges and thus encourage continuous learning.

With the official launch of the project, Kudelski will provide both a demo on their website and a code download on GitHub.

Blockchain vulnerabilities

While blockchain is still considered to be a very secure technology when utilised properly, experts call attention to the fact that the ecosystem is not in a vacuum. All cryptocurrency applications have to be embedded into the blockchain – which makes it vulnerable to some types of attacks.

Even though we all know the basic idea behind the blockchain technology “Like most things, the devil is in the details,” as Jack Gold, principal research analyst at J.Gold Associates points out. He continues:

“Blockchain is a specification more than a technology, and a relatively loose spec at that …There are various ways to implement it… so if you implement it in an insecure fashion, it can be broken.”

IDC Worldwide Blockchain Strategies’ research director, James Wester often has to characterise and explain blockchain, together with a number of technologies that just fall under the general “blockchain” group like cryptocurrencies, crypto wallets, tokenised assets, smart contracts or self-sovereign identity. All of them are applications/architectures that run on top of a blockchain network but are not a fundamental part of the technology. Wester continues:

“It’s possible to have relatively smart discussions about the technology without actually knowing some of those differences, so many semi-informed people don’t even bother to learn the terms and technology”.

The overall picture

All blockchains that require pre-approval (both public and private) are essentially secure as they are immutable, meaning that each block is tied to all others, and adding new blocks needs a consensus among the others. It is exactly this immutability and the requirement of a consensus that makes blockchains more secure than other networking technologies but as we have already seen blockchains are still exposed to attacks.

Even more so, cryptocurrency wallets, used to store private keys that enable access to cryptocurrencies are also vulnerable to attacks. Gold commented:

“If you’re a company looking to use blockchain – and not just for crypto currency –  the amount of time and effort you put into securing the various components of the ledger and process is key”.

As for his views on where the technology stands, Hamiel explained that blockchain is a technology covered in hype, making it a bit contradictory….while some praise it, others will never adopt it. According to Hamiel, the reality is somewhere in the middle:  

“There are certainly problems blockchain solves, and I think it’s an interesting area that people have a lot of questions about. People are curious about the technology, but they don’t have a way to easily gain access to information about it without spending a lot of time to learn about it. I’m hoping this solves that.”

Discussion

avatar