1. 3

Also it appears to have a remote code execution vulnerability.

  1.  

  2. 1

    That’s weird. The first tweet says “unexploitable”. Retweet says exploitable without explaining why.

    1. 1

      From reddit:

      I have analyzed the code and I have determined how this is happening and most likely why it was put there.

      First, let’s start with the how. The firmware will spawn a thread which calls the send_mac function which, as the name implies, sends data about the machine to the AUTH_URL auth.minerlink.com. The device then will attempt to receive data from the server and check if the response is false. If it is, the function returns true which sets the stop_mining global variable to be true.

      When that variable is true, in the temperature checking thread, it will set the status_error global variable to true. That will then tell the work update function to not send out jobs so it is no longer mining.

      Now for the why.

      Bitmain previously was going to launch a service called Minerlink. This service never launched, but it was intended get the “real-time miner status remotely”. There is probably a feature that allows you to make sure that the only miners submitting work for you are your miners, hence the need for an auth url. It is also possible that another feature was to allow you to remotely stop a machine from mining if it were misbehaving. This would explain why this code was put there in the first place. However, since minerlink does not exist, this functionality is now a liability and should have been removed long ago.

      1. 1

        This check runs from inside the temperature-checking thread, the URL for the endpoint it checks is hardcoded to Antminer’s server, there’s zero authentication of the server or client, and the only thing the CNC server can do is stop a miner.

        The developer now claims this was an incomplete feature.