Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System

Security researchers have discovered a severe vulnerability in EOS blockchain platform that could allow remote hackers to take complete control over the node servers that maintain the technology.

EOS is an open source smart contract platform, known as 'Blockchain 3.0,' that allows developers to build decentralized applications over blockchain infrastructure, just like Ethereum.

Discovered by Chinese security researchers at Qihoo 360—Yuki Chen of Vulcan team and Zhiniang Peng of Core security team—the vulnerability is a buffer out-of-bounds write issue which resides in the function used by nodes server to parse contracts.

To achieve remote code execution on a targeted node, all an attacker needs to do is upload a maliciously crafted WASM file (a smart contract) written in WebAssembly to the server.

As soon as the vulnerable process parser reads the WASM file, the malicious payload gets executed on the node, which could then also be used to take control over the supernode in EOS network—servers that collect transaction information and pack it into blocks.
"With the out of bound write primitive, we can overwrite the WASM memory buffer of a WASM module instance," the duo explained in their blog post published today. 
"And with the help of our malicious WASM code, we finally achieve arbitrary memory read/write in the nodeos process and bypass the common exploit mitigation techniques such as DEP/ASLR on 64-bits OS. Once successfully exploited, the exploit starts a reverse shell and connects back to the attacker."
Once the attackers gained control over the supernode, they could eventually "pack the malicious contract into the new block and further control all nodes of the EOS network."

Since the node system can be controlled, the researchers said the attackers can "do whatever they want," including:
  • stealing the key of the EOS supernode,
  • controlling the virtual currency transaction of the EOS network, and
  • acquiring other financial and privacy data in the EOS network participating node systems, such as an exchange Digital currency, the user's key stored in the wallet, key user profiles, privacy data, and much more.
"What's more, the attacker can turn a node in the EOS network into a member of a botnet, launch a cyber attack or become a free "miner" and dig up other digital currencies," the researchers said in a Weibo blog post.
Researchers have detailed how to reproduce the vulnerability and also released a proof-of-concept exploit, along with a video demonstration, which you can watch on their blog post.

The pair responsibly reported the vulnerability to the maintainers of the EOS project, and they have already released a fix for the issue on GitHub.

Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System Reviewed by Unknown on 2:49 AM Rating: 5