QueenAnt Exploit Lets Hackers Change The Antminer Bitcoin Payout Address

Antminer is one of the most popular Bitcoin hardware manufacturers in the world. The company has built up a solid reputation through their line of Antminer devices, and customers have shown their support for the company throughout the years. But one Australian researcher notices how it is possible to hijack an Antminer through a software flaw in the open source mining software.

IS IT FEASIBLE TO HIJACK AN ANTMINER?

The Antminer devices are primarily configured to be used with the CGminer open source software. Tim Noise, an Australian security researcher, mentions how there is a vulnerability in the configuration of this software that can be exploited. As a result, hackers could take control of any Antminer actively mining Bitcoin.

To be more precise, the device itself would continue its operations as it always has. However, the rewards from mining can be sluiced to a different Bitcoin address. QueenAnt, as this exploit is dubbed, can be found on GitHub. Although this may appear to be an issue with CGMiner itself, the cause lies much deeper.

Noise explains how the vulnerability can be exploited. CGMiner accepts incoming TCP connections through an RPC interface. Every Antminer runs the OpenWRT OS, which includes CGMiner for all of the mining procedures. On top of all this is an OpenWRT LuCi web interface, collecting statistics from the RPC interface without requiring a username or password.

This would allow hackers to inject their Bitcoin address to receive funds, rather than the one belonging to the miner. Luckily, it is relatively easy to bypass this exploit, by updating the cgminer.conf and cgminer.sh, files. Antminer users can change the system password, adding an extra layer of protection.

Another course of action would be to take the Antminers offline entirely, a tactic deployed by bigger mining farms already. For the time being, it appears the Antminer S5 is rather vulnerable to these attacks. At the date of writing, it was unclear if these issues were fixed when the Antminer S7 was produced.

Source:http://themerkle.com/queenant-exploit-lets-hackers-change-the-antminer-bitcoin-payout-address/

Print Friendly

Leave a Reply