European Union Proposes Rule Change to Ban Encryption Backdoors


Government officials and encryption often do not mix all that well. This is especially true when looking at the US government as an example. It now appears the EU Parliament is trying to change things by proposing to ban all encryption backdoors altogether. This is a major development in the fight for consumer privacy, although it remains to be seen how things will play out in the end.

EU Is Not a Fan of Encryption Backdoors

A lot of people will be surprised to learn the European Union is not in favor of creating encryption backdoors. In fact, they have no intention of making it easier to read consumer data. Obtaining the information is subject to a whole different set of guidelines, though, which is often criticized by consumer privacy advocates. A new proposal surfaced last week, an amended regulation that could shake things up quite a bit.

More specifically, this new proposal would require service providers to make end-to-end encryption available at any given time. Moreover, it forbids the use of backdoors to gain guaranteed access to information. Rest assured this new proposal will not be to the liking of most law enforcement agencies in the EU, and some backlash regarding this proposal is to be expected.

The EU wants to ensure its residents are aware the region can still guarantee confidentiality and safety of data at all times. Encryption backdoors are only intended to weaken consumer privacy, which is not acceptable under any circumstances. Government officials often claim backdoors are needed in the fight against terrorism, even though consumers will have their data violated at any given time. Weakening encryption is never the answer to solving problems.

Do keep in mind this is still only a proposal, which needs to be approved by the European Parliament. Afterward, it will be thoroughly reviewed by the EU Council. Amendments to this proposal are to be expected, even though no one knows exactly if they will be needed. Law enforcement agencies and politicians will have a thing or two to say regarding this proposal and how it takes away their “power to do the right thing.”

Moreover, if this proposal is approved without further changes, it may end up creating a rift between the EU and other countries. The United Kingdom in particular is not a big fan of encryption and feels backdoors are the only viable path forward. Then again, it is high time politicians realize backdoors will not help them in a positive manner, as they only create more problems along the way. The last thing consumers need is agencies going through all of their data without permission.

It will be interesting to see how the European Parliament will respond to this proposal. After all, this rule change would affect dozens of countries at the same time. It could become a big win for privacy advocates within and outside of the European Union, though. Then again, proposals like these are hardly ever approved without any major changes being made to them. It will be an interesting topic to keep an eye on moving forward, that much is evident.


Antminers May Contain Backdoor Vulnerability…Or Buggy Security Feature


The post Antminers May Contain Backdoor Vulnerability…Or Buggy Security Feature appeared first on Bitcoin News.


There have been recent allegations that Bitmain can shut down all of its Antminer mining hardware remotely. This supposed “backdoor” vulnerability has been dubbed “Antbleed,” and can be viewed via lines of code on Github and Pastebin. The website antbleed.com was created apparently to explain the vulnerability to the public.


According to the website, the miner can be shut down because the Antminer firmware connects to a centralized service every 1 to 11 minutes. The Antbleed website clarified what happens when the miner connects with the central server:

“Each check-in transmits the Antminer serial number, MAC address and IP address. Bitmain can use this check-in data to cross check against customer sales and delivery records making it personally identifiable. The remote service can then return “false” which will stop the miner from mining.”

The Antbleed website authors claimed the vulnerability could allow for the mass shutdown of miners worldwide, contributing to a loss of about 70% of the hashing power. They mentioned this vulnerability could allow Bitmain or government officials to disrupt or target specific miners.

They also suggested that even if Bitmain is not being malicious, the API is non-authenticated and could cause disastrous problems in the event of a hijack or hack. This would likewise shut down Antminers on a global scale.
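For an operator who wants to know whether devices on their own network show the recurring check-in described above, the reported 1 to 11 minute interval is something to look for in outbound flow logs. The following is an added example, not code from Bitmain, the Antbleed site or this article; the log format, host names and port are constructed placeholders.

```python
from collections import defaultdict
from datetime import datetime

# Check-in window reported on the page: every 1 to 11 minutes.
MIN_GAP_S, MAX_GAP_S = 60, 11 * 60

# Constructed flow records: time, source, destination, port (all placeholders).
SAMPLE_FLOWS = """\
2017-04-27T10:00:00 miner-01 pool.example.invalid 3333
2017-04-27T10:00:05 miner-01 checkin.example.invalid 8080
2017-04-27T10:03:40 miner-01 checkin.example.invalid 8080
2017-04-27T10:12:10 miner-01 checkin.example.invalid 8080
2017-04-27T10:14:02 miner-01 checkin.example.invalid 8080
2017-04-27T10:24:30 miner-01 checkin.example.invalid 8080
2017-04-27T10:00:00 desk-07 ntp.example.invalid 123
2017-04-27T11:04:16 desk-07 ntp.example.invalid 123
2017-04-27T12:08:32 desk-07 ntp.example.invalid 123
2017-04-27T13:12:48 desk-07 ntp.example.invalid 123
2017-04-27T10:00:00 cam-02 nvr.example.invalid 554
2017-04-27T10:00:05 cam-02 nvr.example.invalid 554
2017-04-27T10:00:10 cam-02 nvr.example.invalid 554
2017-04-27T10:00:15 cam-02 nvr.example.invalid 554
"""

def parse_flows(text):
    """Yield (datetime, src, dst, port) from whitespace-separated records."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port)

def find_periodic_checkins(flows, min_events=4, min_ratio=0.8):
    """Return (src, dst, port) tuples whose inter-connection gaps mostly fall
    inside the 1-11 minute window, i.e. candidates for a recurring check-in."""
    times = defaultdict(list)
    for ts, src, dst, port in flows:
        times[(src, dst, port)].append(ts)
    hits = []
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        in_window = sum(MIN_GAP_S <= g <= MAX_GAP_S for g in gaps)
        if in_window / len(gaps) >= min_ratio:
            hits.append(key)
    return sorted(hits)

if __name__ == "__main__":
    for src, dst, port in find_periodic_checkins(parse_flows(SAMPLE_FLOWS)):
        print(f"{src} -> {dst}:{port} matches the 1-11 minute check-in pattern")
```

A match is only a candidate for review: the destination still has to be identified, and blocking it at the network edge is a stopgap until firmware without the check-in is installed.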

However, the Bitcoin developer Sergio Demian Lerner did not see the problem as that significant or devastating. He tweeted that it’s not necessarily exploitable anyway, depending on the code. According to his tweet, the way the code is set up does not allow for easy hacking or backdoor usage.

Bitmain’s Blog Response to Accusations

In a news post, Bitmain also rejected claims that their “Antbleed” code is malicious. They called it open source and available for all to see. It was not intended to be nefarious. It was only supposed to be a feature. Bitmain said they meant for this feature to allow customers to have access to shutting off their miners in case they were stolen or put into use by others. They even cited some statistics about when miners were withheld or stolen by others:

“In 2014, around 1,000 Antminers were withheld from the owner by a hosting service provider in Shenyang, China. In 2015, around 2,000 units of Antminers were withheld from the owner by a hosting service provider in Georgia. In 2017, Bitmain’s own miners were withheld and sold without its consent in Canada.”

They went on to state that the feature was implemented to provide law enforcement with more tracking information if miners were indeed stolen. Their post said they never planned on arbitrarily shutting off anyone’s mining equipment without proper consent or authorization. The company compared their feature to smartphone auto erase or remote shutdown functionality.

Bitmain also admits in their blog post that they never completed the auto shutdown feature. They said it was started when they began development on the Antminer S7, and that they wanted to finish it on the S9. The project came to a halt due to technical difficulties. They claimed the leftover code is merely a bug and that, combined with the scaling debate in the bitcoin community, it has caused mass misunderstanding based on old grudges.

Bitmain Offers Solution to Vulnerability

Nonetheless, Bitmain quickly offered a solution to the “bug.” They said, “we have released the new updated source-code on GitHub and new firmware on our website which removes this bug.” Bitmain suggested that all Antminer owners upgrade their software to a version from the updated list provided in their blog article. They also advised against downloading any “firmware” from third-party contributors, because it could lead to problems with hardware functioning and be susceptible to attacks from hackers.


What is the Large Bitcoin Collider, and What’s With All the Drama Surrounding It?


The Large Bitcoin Collider (LBC), not to be confused with LocalBitcoins, is a decentralized network of computers looking to utilize the collective computing power to find a collision of private Bitcoin keys. Its name pays homage to the Large Hadron Collider.

Essentially this project is looking to challenge the notion that it is “impossible” to break into a Bitcoin wallet via generating the coin’s private key by way of its public key. If ever successfully done, it could very well change the way that we think about Bitcoin. It would either sink the coin’s viability as a secure currency or prompt various developers to reassess the question of Bitcoin’s network security.

How Likely is This and Are My Coins Safe?

Considering that LBC has a trophy case of wallets they have cracked, it is not outside the realm of possibility that this becomes a large problem in the future. LBC also claims that there is nothing illegal about searching for collisions themselves, and that some instances of breaking a wallet may result in financial gain for the pool or individual while still abiding within the law. LBC does, however, note that even taking the potential legal cut of a wallet’s contents still makes you an insufferable jerk.

Though the current number of successful wallet smashes is relatively low (probably even statistically insignificant considering the number of bitcoin wallets), it raises alarms for me at the very least. However, encryption algorithms can always be upgraded, and frankly the threat of a widescale attack on wallets is a great impetus to constantly rethink the network’s security.

Troubling News

While the chance of having your private keys smashed is low enough that no one really needs to worry too much now, there are some troubling things going on with LBC’s program code. Vice’s Motherboard recently did an exposé on a troubling discovery pointed out by a reddit user while poring over the source code.

It would appear that several thousand lines of code have either been identified as malicious, dubious, or just plain unexplainable. The most worrying of all the discoveries was the actual backdoor built in for remote code execution. A debate/argument between the OP and the author of this code erupted and spilled over onto bitcointalk.

The author argued that this was for removing a client from the disk, and implored the OP to suggest a better way than this remote code execution if they knew one. Though the argument was heated and many accusations were thrown, it was refreshing to see both parties restrain themselves from personal attacks and work together to discover the problem and its solutions. The previous lack of disclosure and disclaimer seemed to be the more offending aspect of the project.

LBC seems to have addressed these main concerns by adding a warning on the site which discourages running this program on anything but a dedicated server or a virtual machine so that any remote code executions would/could not access or affect sensitive data. However, they have not altered the code, so I agree that even if you trust LBC entirely, letting anyone potentially have full run of your files is worrying enough to stay away. Overall I would like to see this project or similar ones continue their efforts as a way to check Bitcoin’s security; however, security concerns over who may have a backdoor into your computer leave me wary and unconvinced.
