Foreshadow, The Next Critical Flaw In Crypto

Aug 16, 2018 at 11:20 Update Date :Feb 27, 2019 at 07:46 UTC

Another problematic flaw in the security of cryptocurrencies was unveiled last Tuesday. This new development has the potential to affect all of the tech space, including projects of digital currencies that are looking to boast specific hardware devices.

Following the discovery of a couple of bugs in the system previously this year, the new Foreshadow bug will affect all of Intel’s Software Guard Extensions (GSX) enclaves – which is supposedly a special, “super secure” portion of the chip which is utilised for the storage of sensitive information. Essentially, this secure portion has been breached by a group of researchers.

Meltdown and Sepctre, the last two bugs, were problematic enough, managing to affect every single Intel chip, which powers most of the computers in the world. However, it was difficult to execute.

While Foreshadow may be targetting only the SGX-specific portions of the hardware, a lot of crypto-projects around the world are looking into using this technology. Therefore, Foreshadow could have global ramifications.

Notably, Moxie Marlinspike, the creator of Signal, is currently advising a more green token dubbed MobileCoin that will be based around SGX technology. It has also raised about $30 million in the effort. Projects like these have to considerably restructure themselves before beginning operations for real.

Phil Daian, a security researcher at Cornell University, said, “The findings released today absolutely have a broad impact on cryptocurrency projects.”

However, researchers have been able to come up with a responsible procedure for disclosure of bugs and managed to alert Intel before revealing it to the world, so that fix could be obtained in due time.

However, people in the field of crypto security are still unconvinced that all of this will be enough, and are raising voices to that effect.

“It is likely that, because many of these systems are slow to upgrade and because many of these fixes require either involved or hardware upgrades, infrastructure will remain vulnerable to this class of attack for a long time,” Daian also stated. “It would be surprising if at some point this flavor of attack is not used to steal cryptocurrency.”

Leave a Reply

Please Login to comment
Notify of