Unpatched Ethereum Clients expose the ecosystem to 51% Attack risk

Haythem Elmir
0 1
Read Time2 Minute, 18 Second

Security researchers from SRLabs have published a report that analyzed the risks for Ethereum network caused by unpatched Ethereum clients.

Researchers at SRLabs published a report based on ethernodes.org data, that revealed that a large number of nodes using the popular clients Parity and Geth is still unpatched. The expert discovered that the Ethereum clients and its users remained exposed for “extended periods of time” after security patches have been released.

SRLabs research suggests that security vulnerabilities remain unpatched for many Ethereum blockchain participants for extended periods of time, putting the blockchain ecosystem at risk..

Experts pointed out that a hacker who controls more than 51% of the computational power in the Ethereum network can double spend coin and undermining the trust in the ecosystem. An attacker that can crash a large number of nodes, could be able to control 51% of the network in an easier way.

For that reason, denial of service issue are classified as high severity in cryptocurrency networks, the attackers can leverage these issue to reduce the amount of computational power needed to perform a 51% attack.

In February, SRLabs reported a vulnerability in the Parity client that could be exploited to remotely crash Parity Ethereum node running versions prior 2.2.10.

“According to our collected data, only two thirds of nodes have been patched so far. Shortly after we reported this vulnerability, Parity released a security alert, urging participants to update their nodes.” continues the report.

A month after the flaw was patched, experts have found that around 40% of all scanned Parity Ethereum nodes remained unpatched. Another patch released on Mar 2, 2019 was installed by around 70% of Parity Ethereum nodes, leaving the remaining 30% exposed.

The situation is worse is we consider that 7 percent of Parity nodes still run a version vulnerable to a critical consensus vulnerability patched in July 2018.

The following graph shows the percentage of unpatched Ethereum nodes in 2019 that decreases slowly over time.

Ethereum nodes.PNG

Researchers explained that the Parity Ethereum has an automated update process, but it suffers from high complexity and some updates are left out. 

The report confirms that the patch management for Geth client is even worse that does not include an auto-update feature. Geth clients remained unpatched for longer periods of time.

“According to their announced headers, around 44% of the Geth nodes visible at ethernodes.org were below version v.1.8.20, a security-critical update, released two-month before our measurement.,” continues the SRLabs team.

Experts conclude that the lack of basic patch hygiene undermines the security of the entire Ethereum ecosystem.

Source: https://securityaffairs.co/wordpress/85837/hacking/ethereum-clients-unpatched-risk.html

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
100 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

Laisser un commentaire

Next Post

US Tech Giants Google, Intel, Qualcomm, Broadcom Break Up With Huawei

Google has reportedly suspended all businesses with the world’s second-biggest smartphone maker, Huawei, and revoked its Android license effective immediately—a move that will have a drastic impact on Huawei devices across the globe. Revoking Android license means Huawei future smartphones will no longer have access to Android updates and apps […]