Blockstream to Review its Supermicro Hardware Parts After Motherboards Compromised
Oct 8, 2018, 7:34PMBlockchain company Blockstream will review its hardware units manufactured by Supermicro after recent reports relating to its security issues.
Blockstream, a blockchain company that develops new technologies and funds Bitcoin core development, has admitted that its Liquid Network could also be vulnerable to attacks via the back door recently discovered on motherboards manufactured by Chinese company Supermicro. Blockstream also mentions that there is no evidence that any of their motherboards have been compromised.
In a post on the company's blog, Blockstream stated that the back door could theoretically affect the Liquid Network's functionary server. The consequences of a vulnerability could be severe, such as the theft of users' private keys. However, Blockstream says the company is taking many precautions to prevent damage and running through due process, saying,
While there is no indication that our motherboards were compromised, we cannot rule out this possibility. In the coming days, we will ship a sample of our motherboards to a third-party security company for extensive examination. This process will take time, but we will disclose the results as they become available.
Blockstream also says that the Liquid Network’s general designs greatly diminishes the chances of a hardware exploitation. They also plan to diversify their suppliers, add additional validation before signing on the key module and improve general functionality to detect anomalous behaviour.
Blockstream develops several Bitcoin applications, most notable sidechains, which are ledgers that can be used off of the main ledger and considered to be a solution to the scaling problem.
US Department of Homeland Security Concurs with Tech Giants
Early this month, Bloomberg reported that Chinese spies had planted chips on motherboards manufactured by company Supermicro, which are used by over 30 U.S. companies including Amazon and Apple. Amazon discovered a small microchip that wasn’t part of the original blueprint and reported the finding to authorities, though both Amazon and Supermicro have denied that any of their systems have actually been compromised.
Apple also denied that it had been affected, saying that Bloomberg may have been referring to a previous one-off incident involving Supermicro,
In response to Bloomberg’s latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers have ever been found to hold malicious chips….Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.
The US Department of Homeland Security also backed Amazon, Apple, and Supermicro, stating in a press release that,
like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story.
Disclaimer: information contained herein is provided without considering your personal circumstances, therefore should not be construed as financial advice, investment recommendation or an offer of, or solicitation for, any transactions in cryptocurrencies.