When the cloud first began gaining ground in the business world, it did so amidst a storm of hype. It was going to revolutionize how we work and live, we were told. Publications flooded us with details on the myriad benefits and strengths of this fascinating new technology while quietly glossing over its shortcomings.
The current fascination many people seem to have with cryptocurrency—specifically its foundational technology, blockchain—is reminiscent of that. There is no doubt that blockchain has some very real and valuable applications where transactional security is concerned. Yet it is not the holy grail of cybersecurity that some have hyped it up to be.
Last month, we wrote about a unique type of cryptocurrency known as FumbleChain. Developed by Kudelski Security, it exists to teach developers and hobbyists alike about the vulnerabilities present in distributed ledger technology. These include:
- No built-in safeguards against phishing scams. Remember the old cybersecurity adage—your users will always be your most significant vulnerability. This principle is just as applicable to blockchain as it is to any other technology. A clever attacker can cause significant losses for a blockchain network through social engineering.
- No human oversight. Because blockchain transactions happen automatically and without manual intervention, compromised data tends to be more difficult to detect. This is best evidenced by routing attacks, in which hackers intercept the large volume of data transferred with each transaction—data that may not be encrypted by default.
- Not actually tamper-proof. One of the most significant purported benefits of blockchain is that it’s impossible to tamper with or modify data once it’s in the ledger. Enter the 51% attack, in which a threat actor gains a controlling interest in a blockchain, allowing them to rewrite the chain as they see fit. It’s even possible in some cases to ‘cheat the system’ and modify transactions without a controlling interest.
- Fake transactions. Because blockchain nodes must remain in constant communication with one another, an attacker who gains control over one can use it to waste computing resources, either creating fake transactions or forcing transactions to be re-computed. If enough nodes are compromised in this fashion, the entire ledger can be brought down, a tactic known as a Sybil attack.
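To make the "not actually tamper-proof" point concrete, here is an added toy example (not FumbleChain code and not taken from any real ledger). It shows that hash linking only flags an edit made in place: a chain rebuilt from the altered record still passes the linkage check and is caught only by comparing against a block hash pinned out of band. All function names and records are hypothetical, and proof-of-work and consensus are deliberately left out.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64
RECORDS = ["alice->bob:5", "bob->carol:2", "carol->dave:1"]  # constructed sample data

def block_hash(index, prev_hash, data):
    payload = json.dumps([index, prev_hash, data]).encode()
    return hashlib.sha256(payload).hexdigest()

def build_chain(records):
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(records):
        digest = block_hash(i, prev, data)
        chain.append({"index": i, "prev": prev, "data": data, "hash": digest})
        prev = digest
    return chain

def is_internally_valid(chain):
    """Linkage check: every block hashes correctly and points at its parent."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        expected = block_hash(i, prev, block["data"])
        if block["index"] != i or block["prev"] != prev or block["hash"] != expected:
            return False
        prev = block["hash"]
    return True

def matches_checkpoint(chain, height, pinned_hash):
    """Defender check (assumed here): compare against a hash pinned out of band."""
    return len(chain) > height and chain[height]["hash"] == pinned_hash

def demo():
    honest = build_chain(RECORDS)
    pinned = honest[1]["hash"]
    # Case 1: one record edited in place, stored hashes left untouched.
    edited = [dict(block) for block in honest]
    edited[1]["data"] = "bob->mallory:2"
    # Case 2: the whole chain rebuilt over the altered record.
    rewritten = build_chain([RECORDS[0], "bob->mallory:2", RECORDS[2]])
    return {
        "honest_valid": is_internally_valid(honest),
        "edited_valid": is_internally_valid(edited),
        "rewritten_valid": is_internally_valid(rewritten),
        "honest_matches_pin": matches_checkpoint(honest, 1, pinned),
        "rewritten_matches_pin": matches_checkpoint(rewritten, 1, pinned),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hash chain gives tamper evidence relative to a chain you already trust; deciding which chain to trust is the job of consensus, which is exactly what a controlling interest subverts.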
Blockchain is a promising technology. There is little doubt about that. However, it’s not the game-changer people have made it out to be—it simply represents one more line of defense against attackers.
To cut through the hype, it’s important to remember that ultimately, there is no such thing as a system that is 100% secure. There will always be vulnerabilities, and there will always be oversights and mistakes that savvy criminals can exploit. Anyone who claims anything different is probably trying to sell you something.