editor’s question
– whatever the EOS Platform has
been implemented to support as
a solution. The uncrackable
Blockchain (as it is
advertised) can be owned
by the fundamental
technology designed to
protect it; WASM files
(smart contracts) and a
simple file upload.
MOREY J HABER,
CHIEF TECHNOLOGY
OFFICER,
BEYONDTRUST
O
n Monday,
May 28 2018,
The Hacker
News reported
on a wicked
vulnerability
within the
EOS Blockchain Platform. While the
vulnerability is considered critical,
and the method of exploitation fairly
basic (a maliciously crafted file), the
ramifications are truly astounding. After
the vulnerable parser reads the file, it
forces an exploit on the node which
could then be leveraged against the
supernode on the EOS platform.
The supernode is responsible for
collecting transaction information and
packing it into blocks. Once the threat
actor owns the supernode, they can
modify or create malicious blocks that
would control the entire EOS network. This
includes everything the EOS Blockchain
Platform has been implemented to
perform – from cryptocurrency, supply
chain management, to identity storage
28
My intent is not to beat
up the EOS Blockchain
Platform, but rather
to point out that every
technology is vulnerable.
Blockchain has been
advertised as an ultra-secure
database ledger technology, but the
operating system, web service and other
components required to make it a viable
platform can suffer from the same risks
as any other app