Developers of Ethereum, the world’s No. 2 digital currency by market capitalization, have closed a serious security hole that allowed virtually anyone with an Internet connection to manipulate individual users’ access to the publicly accessible ledger.
So-called eclipse attacks work by preventing a cryptocurrency user from connecting to honest peers. Attacker-controlled peers then feed the target a manipulated version of the blockchain the entire currency community relies on to reconcile transactions and enforce contractual obligations. Eclipse attacks can be used to trick targets into paying for a good or service more than once and to co-opt the target’s computing power to manipulate algorithms that establish crucial user consensus. Because Ethereum supports “smart contracts” that automatically execute transactions when certain conditions in the blockchain are present, Ethereum eclipse attacks can also be used to interfere with those self-enforcing agreements.
Like most cryptocurrencies, Ethereum uses a peer-to-peer mechanism that compiles input from individual users into an authoritative blockchain. In 2015 and again in 2016, separate research teams devised eclipse attacks against Bitcoin that exploited P2P weaknesses. Both were relatively hard to pull off. The 2015 attack required a botnet or a small ISP that controlled thousands of devices, while the 2016 attack relied on the control of huge chunks of Internet addresses through a technique known as border gateway protocol hijacking. The demands made it likely that both attacks could be carried out only by sophisticated and well-resourced hackers.
Attention script kiddies
Many researchers believed that the resources necessary for a successful eclipse attack against Ethereum would be considerably higher than for the Bitcoin attacks. After all, Ethereum’s P2P network includes a robust mechanism for cryptographically authenticating messages, and by default peers establish 13 outgoing connections, compared with eight for Bitcoin. Now, some of the same researchers who devised the 2015 Bitcoin attack are back to set the record straight. In a paper published Thursday, they wrote:
We demonstrate that the conventional wisdom is false. We present new eclipse attacks showing that, prior to the disclosure of this work in January 2018, Ethereum’s peer-to-peer network was significantly less secure than that of Bitcoin. Our eclipse attackers need only control two machines, each with only a single IP address. The attacks are off-path: the attacker controls end hosts only and does not occupy a privileged position between the victim and the rest of the Ethereum network. By contrast, the best known off-path eclipse attacks on Bitcoin require the attacker to control hundreds of host machines, each with a distinct IP address. For most Internet users, it is far from trivial to obtain hundreds (or thousands) of IP addresses. This is why the Bitcoin eclipse attacker envisioned [in the 2015 research] was a full-fledged botnet or Internet Service Provider, while the BGP-hijacker Bitcoin eclipse attacker envisioned [in the 2016 paper] needed access to a BGP-speaking core Internet router. By contrast, our attacks can be run by any kid with a machine and a script.
Raising the bar
In January, the researchers reported their findings to Ethereum developers. They responded by making changes to geth, the most popular application supporting the Ethereum protocol. Ethereum users who rely on geth should ensure they’ve installed version 1.8 or higher. The researchers didn’t attempt the same attacks against other Ethereum clients. In an email, Ethereum developer Felix Lange wrote:
“We have done our best to mitigate the attacks within the limits of the protocol. The paper is concerned with ‘low-resource’ eclipse attacks. As far as we know, the bar has been raised high enough that eclipse attacks are not feasible without more substantial resources, with the patches that have been implemented in geth v1.8.0.” Lange went on to say he didn’t believe another popular Ethereum app called Parity is vulnerable to the same attacks.
The paper, titled Low-Resource Eclipse Attacks on Ethereum’s Peer-to-Peer Network, described two separate attacks. The simpler one relied on two IP addresses, each of which generates large numbers of the cryptographic keys the Ethereum protocol uses to identify peer-to-peer nodes. The attacker then waits for the target to reboot, either in the normal course of events or after the hacker sends malicious packets that cause a system crash. As the target rejoins the Ethereum network, the attacker uses the pool of nodes to establish incoming connections before the target can establish any outgoing ones.
The second technique works by creating a large number of attacker-controlled nodes and sending a special packet that effectively poisons the target’s database with the fraudulent nodes. When the target reboots, all of the peers it connects to will belong to the attacker. In both cases, once the target is isolated from legitimate nodes, the attacker can present a false version of the blockchain. With no peers challenging that version, the target will assume the manipulated version is the official blockchain.
It’s about time
The researchers presented a third technique that makes eclipse attacks easier to carry out. In a nutshell, it works by setting the target’s computer clock 20 or more seconds ahead of the other nodes in the Ethereum network. To prevent so-called replay attacks—in which a hacker resends an old authenticated message in an attempt to get it executed more than once—the Ethereum protocol rejects messages that are more than 20 seconds old. By setting a target’s clock ahead, attackers can cause the target to lose touch with all legitimate users, whose messages now all appear stale. The attackers use malicious nodes with the same clock time to connect to the target. Some of the same researchers behind the Ethereum eclipse technique described a variety of timing attacks in a separate paper published in 2015.
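To make the clock dependence concrete, here is an added example (not code from the paper or from geth) of the 20-second freshness check the article describes, applied to a few constructed messages from honest peers once under a correct clock and once under a clock set 25 seconds ahead. The Arrival type, the StaleShare health check and the thresholds in ClockSkewSuspected are assumptions made for this example; they show the operator-side signal a skewed clock produces (nearly every message from many unrelated peers expiring on arrival), which points at the local time source rather than at the peers.

```go
package main

import (
	"fmt"
	"time"
)

// Window is the freshness window the article describes: a message the
// receiver's clock says is older than this is dropped as a possible replay.
const Window = 20 * time.Second

// Fresh reports whether a message stamped sentAt is still inside window when
// judged by the receiver's own clock, localNow.
func Fresh(sentAt, localNow time.Time, window time.Duration) bool {
	return localNow.Sub(sentAt) <= window
}

// Arrival is one received message: the sender and the time it carried.
// The type and the heuristic below are assumptions for this example, not
// the protocol's or geth's own code.
type Arrival struct {
	Peer   string
	SentAt time.Time
}

// StaleShare is a node-side health check: the fraction of arrivals dropped as
// stale, and how many distinct peers those drops came from.
func StaleShare(arrivals []Arrival, localNow time.Time, window time.Duration) (share float64, peers int) {
	stalePeers := map[string]bool{}
	stale := 0
	for _, a := range arrivals {
		if !Fresh(a.SentAt, localNow, window) {
			stale++
			stalePeers[a.Peer] = true
		}
	}
	if len(arrivals) == 0 {
		return 0, 0
	}
	return float64(stale) / float64(len(arrivals)), len(stalePeers)
}

// ClockSkewSuspected flags the pattern a wrong local clock produces: nearly
// everything from many unrelated peers expires on arrival. One slow link or
// one misbehaving peer does not look like that, so the operator's first
// check is the local time source (for instance NTP), not the peers.
// The 0.9 share and the five-peer minimum are assumed thresholds.
func ClockSkewSuspected(share float64, peers int) bool {
	return share >= 0.9 && peers >= 5
}

// Scenario has five honest peers send at the true time t0 (messages 0-4 s old)
// and judges them under a correct clock and under one set 25 s ahead.
func Scenario() (correctShare, skewedShare float64, skewed bool) {
	t0 := time.Date(2018, 3, 1, 12, 0, 0, 0, time.UTC) // constructed "true" time
	var arrivals []Arrival
	for i := 0; i < 5; i++ {
		arrivals = append(arrivals, Arrival{
			Peer:   fmt.Sprintf("peer-%d", i),
			SentAt: t0.Add(-time.Duration(i) * time.Second),
		})
	}
	correctShare, _ = StaleShare(arrivals, t0, Window)
	var stalePeers int
	skewedShare, stalePeers = StaleShare(arrivals, t0.Add(25*time.Second), Window)
	skewed = ClockSkewSuspected(skewedShare, stalePeers)
	return
}

func main() {
	c, s, skewed := Scenario()
	fmt.Printf("stale share with correct clock: %.2f, with +25 s clock: %.2f, skew suspected: %v\n", c, s, skewed)
}
```

With the correct clock no message is dropped; with the clock 25 seconds ahead every honest message is 25 to 29 seconds old by local reckoning and is discarded, which is exactly the isolation the article describes. The heuristic is deliberately coarse: it is a prompt to verify the node's own clock, not a replacement for keeping it synchronised.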
Ethereum developers put a countermeasure in place against the first attack that ensures each node always makes some outgoing connections to other peers, so incoming connections alone can never fill its connection slots. The fix for the second attack involved limiting the number of outgoing connections a target can make to the same /24 block of IP addresses to 10. The changes are designed to make it significantly harder to completely isolate a user from other legitimate users. When even a single node presents users with a different version of the blockchain, they will be warned of an error that effectively defeats the attack.
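The two mitigations above, as an added example that is not geth's code: a small peer-table admission policy that reserves a fixed number of slots for outbound dials (so inbound connections can never crowd them out) and caps the number of peers sharing one /24 IPv4 block at 10. The PeerTable type, its field names, the total of 25 slots and the fact that the cap is applied to inbound as well as outbound peers are assumptions made for this example (the article describes the cap for outgoing connections; applying it in both directions is a generalization); the 13 reserved outbound slots and the per-/24 limit of 10 are the article's numbers. The scenario feeds the table constructed peers, including thirty distinct node identities all arriving from one /24, and counts how many each rule admits.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// Peer is one peer-table entry; the type and the table below are assumptions
// for this example, not geth's own code.
type Peer struct {
	ID      string
	IP      net.IP
	Inbound bool // true if the remote side opened the connection
}

var (
	ErrTableFull   = errors.New("peer table full")
	ErrSubnetLimit = errors.New("too many peers in this /24")
	ErrReserved    = errors.New("remaining slots are reserved for outbound dials")
)

// PeerTable enforces two admission rules: a set of slots only outbound dials
// may use, and a cap on how many peers may share one /24 IPv4 block.
type PeerTable struct {
	maxPeers, reservedOutbound, maxPerSubnet, inbound int
	peers                                             map[string]Peer
	perSubnet                                         map[string]int
}

func NewPeerTable(maxPeers, reservedOutbound, maxPerSubnet int) *PeerTable {
	return &PeerTable{maxPeers: maxPeers, reservedOutbound: reservedOutbound,
		maxPerSubnet: maxPerSubnet, peers: map[string]Peer{}, perSubnet: map[string]int{}}
}

// SubnetKey reduces an IPv4 address to its /24, e.g. 203.0.113.7 -> "203.0.113.0/24".
func SubnetKey(ip net.IP) (string, error) {
	v4 := ip.To4()
	if v4 == nil {
		return "", errors.New("example handles IPv4 only")
	}
	return v4.Mask(net.CIDRMask(24, 32)).String() + "/24", nil
}

// Add admits a peer or returns the rule that rejects it.
func (t *PeerTable) Add(p Peer) error {
	key, err := SubnetKey(p.IP)
	if err != nil {
		return err
	}
	if len(t.peers) >= t.maxPeers {
		return ErrTableFull
	}
	// Inbound connections never consume the outbound reservation, so the node
	// always keeps some connections to peers it chose itself.
	if p.Inbound && t.inbound >= t.maxPeers-t.reservedOutbound {
		return ErrReserved
	}
	// Many node identities behind a couple of addresses all fall in one /24.
	if t.perSubnet[key] >= t.maxPerSubnet {
		return ErrSubnetLimit
	}
	t.peers[p.ID] = p
	t.perSubnet[key]++
	if p.Inbound {
		t.inbound++
	}
	return nil
}

func (t *PeerTable) Len() int { return len(t.peers) }

// AddBatch offers n constructed peers with addresses from ip(i) and returns how many were admitted.
func (t *PeerTable) AddBatch(prefix string, n int, inbound bool, ip func(i int) net.IP) (admitted int) {
	for i := 0; i < n; i++ {
		if t.Add(Peer{ID: fmt.Sprintf("%s-%02d", prefix, i), IP: ip(i), Inbound: inbound}) == nil {
			admitted++
		}
	}
	return admitted
}

// RunScenario sizes the table at 25 slots (an assumed total), 13 reserved for
// outbound (the article's default outgoing count) and 10 per /24 (the article's cap).
func RunScenario() (same, spread, dials int, tbl *PeerTable) {
	tbl = NewPeerTable(25, 13, 10)
	// 30 distinct node IDs, all inbound from 203.0.113.0/24 (TEST-NET-3, constructed).
	same = tbl.AddBatch("same", 30, true, func(i int) net.IP { return net.IPv4(203, 0, 113, byte(1+i)) })
	// 30 inbound peers, each from its own /24 (constructed).
	spread = tbl.AddBatch("spread", 30, true, func(i int) net.IP { return net.IPv4(10, byte(i), 0, 1) })
	// 14 outbound dials the node initiated, each to a different /24 (constructed).
	dials = tbl.AddBatch("dial", 14, false, func(i int) net.IP { return net.IPv4(172, 16, byte(i), 1) })
	return
}

func main() {
	same, spread, dials, tbl := RunScenario()
	fmt.Printf("same /24 inbound: %d admitted; spread inbound: %d; outbound dials: %d; table size %d\n",
		same, spread, dials, tbl.Len())
}
```

Of the thirty identities behind one /24 only 10 are admitted; of the thirty inbound peers from distinct /24s only 2 more fit, because 12 is all that inbound connections may take from a 25-slot table with 13 held back; the node's own 13 dials then all succeed, and the fourteenth is refused only because the table is genuinely full. Note that a /24 cap is a heuristic on address proximity, not a proof of distinct operators, which is why it is paired with the outbound reservation rather than relied on alone.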
Ethereum developers haven’t implemented a fix for the time-based attack. Since it generally requires an attacker to manipulate traffic over the target’s Internet connection or to exploit non-Ethereum vulnerabilities on the target’s computer, it likely poses less of a threat than the other two attacks.
The researchers, from Boston University and the University of Pittsburgh, warned users to protect themselves against the eclipse threat.
“Given the increasing importance of Ethereum to the global blockchain ecosystem, we think it’s imperative that countermeasures preventing them be adopted as soon as possible,” they wrote. “Ethereum node operators should immediately upgrade to geth v1.8.”