Ethereum network developers recently released geth v1.8 for node operators. The patch plugs a security loophole that could be used to manipulate individual users’ access to the public ledger. It was released after researchers at Boston University and the University of Pittsburgh highlighted a vulnerability to what is known as an “eclipse attack.”
What is an eclipse attack?
Eclipse attacks are network-level attacks in which other nodes hoard and monopolize the victim’s peer-to-peer connection slots, keeping the node in an isolated network. They are meant to cut a node off by preventing up-to-date blockchain information from reaching the eclipsed node.
According to BleepingComputer, even Bitcoin is vulnerable to eclipse attacks. However, attacking the Bitcoin network requires thousands of malicious nodes. In the case of the Ethereum network, only two malicious nodes were needed to initiate the attack.
Possible damages from an eclipse attack
Eclipse attacks prevent a cryptocurrency user from connecting to real peers. Attacker-controlled peers redirect the target to a manipulated version of the blockchain network. That means transactions and contractual obligations can be modified at will. Even the affected party’s computing power can be used to manipulate algorithms that establish crucial user consensus. Notably, self-enforcing “smart contracts” can also be modified.
What does the research paper say?
Ethereum’s P2P network includes a mechanism for cryptographically authenticating messages, and by default peers establish 13 outgoing connections, versus eight for Bitcoin. It was therefore believed that Ethereum is less vulnerable to eclipse attacks than Bitcoin. However, the research report showed that the opposite is true.
“We demonstrate that the conventional wisdom is false. We present new eclipse attacks showing that, prior to the disclosure of this work in January 2018, Ethereum’s peer-to-peer network was significantly less secure than that of Bitcoin. Our eclipse attackers need only control two machines, each with only a single IP address. The attacks are off-path: the attacker controls endhosts only and does not occupy a privileged position between the victim and the rest of the Ethereum network. By contrast, the best known off-path eclipse attacks on Bitcoin require the attacker to control hundreds of host machines, each with a distinct IP address. For most Internet users, it is far from trivial to obtain hundreds (or thousands) of IP addresses. This is why the Bitcoin eclipse attacker envisioned [in the 2015 research] was a full-fledged botnet or Internet Service Provider, while the BGP-hijacker Bitcoin eclipse attacker envisioned [in the 2016 paper] needed access to a BGP-speaking core Internet router. By contrast, our attacks can be run by any kid with a machine and a script.”
In January, the researchers informed Ethereum developers about the vulnerability, which led to the development of version 1.8. The latest fix does not eliminate the attack but raises the bar: the number of nodes required to attack the Ethereum network has been raised from two to thousands.
Three possible attacks on the Ethereum network
The research paper, titled “Low-Resource Eclipse Attacks on Ethereum’s Peer-to-Peer Network,” described two possible attacks.
According to Ars Technica, the simplest one relied on two IP addresses, each of which generates large numbers of the cryptographic keys that the Ethereum protocol uses to identify peer-to-peer nodes. The attacker then waits for the target to reboot its computer, either in the due course of time or after the attacker sends malicious packets that cause a system crash. As the target rejoins the Ethereum network, the attacker uses the pool of node identities to establish incoming connections before the target can establish any outgoing ones. Ethereum developers have put a countermeasure in place: the patch ensures that each node always makes outgoing connections to other peers.
The second technique works by creating a large number of attacker-controlled nodes and sending a special packet that effectively poisons the target’s database with the fraudulent nodes. When the target reboots, all of the peers it connects to belong to the attacker. In both cases, once the target is isolated from legitimate nodes, the attacker can present a false version of the blockchain; with no peers challenging that version, the target will assume the manipulated version is the official blockchain. The fix for this attack involved limiting the number of outgoing connections a target can make to the same /24 block of IP addresses to 10. The changes are designed to make it significantly harder to completely isolate a user from other legitimate users: when even a single peer presents the user with a different version of the blockchain, the user will be warned of an error, which effectively defeats the attack.
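The two countermeasures described above (reserved outgoing slots, and a cap on peers from any one /24) can be modelled as a connection-admission policy. The following is an added illustration, not code from the article or from geth: the 13 outgoing connections and the cap of 10 per /24 are the figures the article gives, while the total budget of 25 peers, the `PeerTable` class and the scenario functions are assumptions constructed for this example. It shows why, under such a policy, two IP addresses presenting many node identities can fill at most the inbound budget and can never occupy the whole table.

```python
import ipaddress
from dataclasses import dataclass, field
from fractions import Fraction

# Figures from the article: 13 outgoing connections per Ethereum node and a cap
# of 10 peers from any one /24. The total connection budget of 25 is an
# assumption for this toy model, not a value the article states.
MAX_OUTBOUND = 13
MAX_PER_SUBNET24 = 10
MAX_PEERS = 25


def subnet24(ip: str) -> str:
    """Return the /24 block an IPv4 address belongs to, e.g. '203.0.113.0/24'."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


@dataclass
class PeerTable:
    """Toy connection table (hypothetical; not geth's implementation)."""
    inbound: dict = field(default_factory=dict)   # node_id -> ip
    outbound: dict = field(default_factory=dict)  # node_id -> ip

    def _peers_in_subnet(self, ip: str) -> int:
        net = subnet24(ip)
        peers = list(self.inbound.values()) + list(self.outbound.values())
        return sum(1 for p in peers if subnet24(p) == net)

    def _known(self, node_id: str) -> bool:
        return node_id in self.inbound or node_id in self.outbound

    def add_inbound(self, node_id: str, ip: str) -> bool:
        """Accept an incoming connection only if the slots reserved for our own
        outgoing dials stay free and the /24 cap is not exceeded."""
        if self._known(node_id) or len(self.inbound) >= MAX_PEERS - MAX_OUTBOUND:
            return False
        if self._peers_in_subnet(ip) >= MAX_PER_SUBNET24:
            return False
        self.inbound[node_id] = ip
        return True

    def add_outbound(self, node_id: str, ip: str) -> bool:
        """Dial out, subject to the outbound budget and the same /24 cap."""
        if self._known(node_id) or len(self.outbound) >= MAX_OUTBOUND:
            return False
        if self._peers_in_subnet(ip) >= MAX_PER_SUBNET24:
            return False
        self.outbound[node_id] = ip
        return True

    def share_from(self, ips: set) -> Fraction:
        """Fraction of all connected peers whose IP is in `ips`."""
        peers = list(self.inbound.values()) + list(self.outbound.values())
        return Fraction(sum(1 for p in peers if p in ips), len(peers))


def simulate_two_ip_flood(num_ids: int = 1000) -> dict:
    """Constructed scenario: two IPs from the RFC 5737 documentation ranges
    present `num_ids` distinct node IDs to a restarting node, which then dials
    13 legitimate peers that each sit in a different /24."""
    flood_ips = ["203.0.113.5", "198.51.100.7"]
    table = PeerTable()
    accepted = 0
    for i in range(num_ids):
        ip = flood_ips[0] if i < num_ids // 2 else flood_ips[1]
        if table.add_inbound(f"flood-id-{i}", ip):
            accepted += 1
    dialed = sum(table.add_outbound(f"legit-{i}", f"10.{i}.0.1")
                 for i in range(1, MAX_OUTBOUND + 1))
    return {
        "inbound_accepted": accepted,   # 12: the inbound budget, never the whole table
        "outbound_dialed": dialed,      # 13: every reserved outbound slot went to a legit peer
        "share": table.share_from(set(flood_ips)),
    }


def simulate_same_subnet_dials(candidates: int = 20) -> int:
    """How many of `candidates` dial targets in one /24 a fresh table accepts."""
    table = PeerTable()
    return sum(table.add_outbound(f"cand-{k}", f"192.0.2.{k}") for k in range(candidates))
```

In the flood scenario the first IP hits the /24 cap after 10 connections, the second fills the remaining two inbound slots, and the 13 outgoing dials still reach peers in other networks, so the flooding addresses end up with 12 of 25 peers rather than all of them. The second function shows the /24 cap on its own: of 20 dial candidates in 192.0.2.0/24 only 10 are accepted.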
Other than the two described above, there is another easy way to attack the Ethereum network. It works by setting the target’s computer clock 20 or more seconds ahead of the other nodes in the Ethereum network. The same researchers published a separate paper in 2015. To prevent so-called replay attacks, in which a hacker resends an old authenticated message in an attempt to get it executed more than once, the Ethereum protocol rejects messages that are more than 20 seconds old. By setting a target’s clock ahead, attackers can cause the target to lose touch with all legitimate users, and they then use malicious nodes with the same clock time to connect to the target. Ethereum developers haven’t implemented a fix for the time-based attack. Since it generally requires an attacker to manipulate traffic over the target’s Internet connection or to exploit non-Ethereum vulnerabilities on the target’s computer, it likely poses less of a threat than the other two attacks.
The researchers have advised node operators to upgrade to geth v1.8.
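The clock-based isolation described above follows directly from the 20-second freshness rule: a node whose clock runs ahead computes every honest peer's message as stale, while peers sharing its skewed clock still look fresh. The following is an added example, not code from the article or from geth; it models that rule with a constructed scenario and adds a skew estimator of the kind an operator could use as a monitoring signal. The 20-second limit is from the article; the 5-second warning threshold, the function names and the sample delays are assumptions made for this example.

```python
from statistics import median

MAX_AGE_SECONDS = 20.0    # from the article: messages older than 20 s are rejected
SKEW_WARN_SECONDS = 5.0   # assumed alerting threshold for this example only


def is_fresh(sent_at: float, local_now: float) -> bool:
    """Freshness rule as the article describes it: drop a message whose
    timestamp is more than MAX_AGE_SECONDS behind the local clock."""
    return local_now - sent_at <= MAX_AGE_SECONDS


def estimate_skew(peer_sent_times, local_now: float) -> float:
    """Median of (local clock - peer timestamp) over recent messages.
    Honest peers with small network delay keep this near zero; a large
    positive value means the local clock is running ahead of the network."""
    return median(local_now - t for t in peer_sent_times)


def simulate_skew(victim_skew: float, delays=(0.1, 0.5, 1.0, 2.0)) -> dict:
    """Constructed scenario. True time is T; honest peers stamp messages with
    the true time and each message arrives `delay` seconds later. The victim's
    clock reads T + victim_skew. Colluding peers stamp messages with the
    victim's skewed clock instead, so they pass the same check."""
    true_now = 1000.0
    local_now = true_now + victim_skew
    honest = [true_now - d for d in delays]
    colluding = [local_now - d for d in delays]
    honest_ok = sum(is_fresh(t, local_now) for t in honest)
    colluding_ok = sum(is_fresh(t, local_now) for t in colluding)
    skew = estimate_skew(honest, local_now)
    return {
        "honest_accepted": honest_ok,        # 4 at skew 0, 0 at skew 25
        "colluding_accepted": colluding_ok,  # 4 regardless of skew
        "estimated_skew": skew,
        "skew_warning": skew > SKEW_WARN_SECONDS,
    }
```

With no skew all four honest messages pass; with the clock 25 seconds ahead none of them do, only the peers that share the skewed time remain, and the median offset reports roughly 25.75 seconds. A skew of 19 seconds already drops the slowest honest message, which is why the article's threshold of "20 or more seconds" is a cliff rather than a switch. The estimator is a monitoring idea, not a fix the article says exists: a node that sees nearly all of its peers as consistently stale should suspect its own clock source before it suspects the peers.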