Kaspersky Labs warns users of a possible exploit in cryptocurrency blockchains that would allow malicious actors to distribute malware or even images depicting child abuse.
The warning is the result of research by INTERPOL cyber threat experts, a group that includes a Kaspersky employee.
They warn that the extra space provided in each transaction, intended for notes, messages and as a space to allow additional functions to be built on top of the blockchain, could in fact be used to spread malicious code or worse.
Kaspersky's report states:
“The design of the blockchain means there is the possibility of malware being injected and permanently hosted with no methods currently available to wipe this data. This could affect 'cyber hygiene' as well as the sharing of child sexual abuse images where the blockchain could become a safe haven for hosting such data.”
The blockchain, as Cointelegraph readers are assuredly aware, is the virtually unmodifiable public ledger that acts as the backbone for the Bitcoin network. Once someone commits data to the blockchain, it is there forever unless more than 51% of bitcoin miners decide to mine on a modified blockchain that doesn't include that data. That would be what is called a “hardfork” and would be extremely difficult, if not impossible, to pull off with the current number of bitcoin users.
Despite Kaspersky's recent warnings, storing illegal data in a compressed manner has been a concern for the Bitcoin community for a while. In fact, links to sites containing child abuse images have already been found in early blockchain blocks and storing an image in a hashed form has also been accomplished.
Blockchain transactions don't provide enough room to store illegal images in an uncompressed form effectively. What INTERPOL and Kaspersky seem to be concerned about is either compressed, hashed images on the Bitcoin blockchain or uncompressed images on alternative coin blockchains that allow for more space.
Encrypted and compressed data needs to be uncompressed and decrypted with an algorithm. Theoretically, since an algorithm is just a set of rules to interpret data, any code can be turned into any other kind of code. Even the words of this text could, in theory, be “decrypted” into an image of the algorithm creator's choosing. It seems extremely unlikely that Bitcoin users would be subject to prosecution for possession or distribution of child pornography, when those images don't “exist” without proper decrypting software.
A more realistic concern would be a small script embedded into the blockchain that either forces the download and install of more powerful code or somehow manages to run a damaging script in the few kilobytes of space provided. It seems it would be difficult to get those scripts to run without user interaction. Nevertheless, Kaspersky implies that even our private keys could be at risk.
“[Blockchain malware] could also enable crime scenarios in the future such as the deployment of modular malware, a reshaping of the distribution of zero-day attacks, as well as the creation of illegal underground marketplaces dealing in private keys which would allow access to this data.”
Kaspersky stressed that they are believers in decentralized technology like the blockchain, but pointed out that their role is to identify threats before they become reality. At press time, there is no known instance of users storing and executing malware through the Bitcoin blockchain; it is just a possibility that concerns Kaspersky. They do not, at this time, offer any advice on how users can keep themselves safe. However, leaving updated anti-virus software running while blockchains are downloading is probably a good move, even though some software often finds false positives.
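For readers who want to see what scanning that extra transaction space looks like in practice, the following is an added example, not code from Kaspersky, INTERPOL or this article. It assumes the "extra space" is Bitcoin's OP_RETURN data-carrier output, which the article does not name; the function names and labels are hypothetical, and the sample scripts used to exercise it are constructed.

```python
# Added example: triage of data-carrier (OP_RETURN) output scripts.
OP_RETURN = 0x6A
PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}  # OP_PUSHDATA1/2/4 length-field sizes

# Leading-byte signatures to triage on (illustrative, not exhaustive; short
# ones such as "MZ" will produce false positives and only prioritise review).
MAGIC = [
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"PK\x03\x04", "zip-archive"),
    (b"\xff\xd8\xff", "jpeg-image"),
    (b"\x89PNG\r\n\x1a\n", "png-image"),
    (b"http://", "url"),
    (b"https://", "url"),
]


def op_return_payload(script: bytes):
    """Concatenate the data pushes of an OP_RETURN script.

    Returns None if the script is not a data carrier; raises ValueError if a
    push claims more bytes than the script holds."""
    if not script or script[0] != OP_RETURN:
        return None
    out, i = bytearray(), 1
    while i < len(script):
        op = script[i]
        i += 1
        if op <= 75:                       # direct push of `op` bytes
            size = op
        elif op in PUSHDATA_WIDTH:         # explicit little-endian length field
            width = PUSHDATA_WIDTH[op]
            if i + width > len(script):
                raise ValueError("truncated length field")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:                              # any other opcode ends the data pushes
            break
        if i + size > len(script):
            raise ValueError("push runs past end of script")
        out += script[i:i + size]
        i += size
    return bytes(out)


def classify(script_hex: str) -> str:
    """Label one output script (hex) for triage."""
    try:
        payload = op_return_payload(bytes.fromhex(script_hex))
    except ValueError:
        return "malformed"
    if payload is None:
        return "not-data-carrier"
    return next((lbl for m, lbl in MAGIC if payload.startswith(m)), "opaque-data")
```

A label here only prioritises an output for review; compressed or encrypted payloads, which the article discusses, will show up as `opaque-data`.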