Wednesday February 20, 2019 8:44 PM

Will This Vulnerability Finally Compel Bitmain to Open Source Its Firmware?

As if Bitmain’s year hasn’t been rough enough, having posted big losses and laid off entire departments, its flagship product now has a firmware vulnerability.

A few weeks ago, Bitcoin Core contributor James Hilliard discovered an exploit in Bitmain’s S15 firmware. The pseudonymous Twitter user 00whiterabbit, also known simply as “john,” subsequently wrote exploit code based on Hilliard’s findings. A video proving that the exploit code worked was shared on Hilliard’s Twitter account last week.

Hilliard is offering to disclose the vulnerability to Bitmain, but under one condition: Bitmain would have to comply with the GNU General Public License (GNU GPL), the popular open source license that the Chinese mining giant is currently breaching, and open source its firmware.

“Bitmain firmware is very buggy in general,” Hilliard told Bitcoin Magazine, “and it's important for the health of the Bitcoin network that users be able to fix the bugs Bitmain introduces.”

The Exploit

Hilliard, who is perhaps best known for proposing BIP91, discovered the vulnerability several weeks ago by auditing a firmware update file on Bitmain’s support site. While details have not yet been disclosed, the exploit was found in firmware of the S15, the company’s most powerful SHA256 miner in store. Hilliard thinks the same vulnerability almost certainly exists in all of Bitmain’s mining firmware.

“I’m also quite sure there are many other vulnerabilities in t...