Antminer Flaw Allows Machine Takeover

An Australian security researcher has discovered a flaw in Antminer Bitcoin miners that can be leveraged with CGMiner to obtain complete control of the victim's mining resources. Tim Noise stated that the majority of devices are configured from the factory with a web interface without a password set, which can then be silently adjusted to redirect the mining proceeds to the attackers wallet. Further lulz were had when it was noted that the OpenWRT software is running most operations, including CGMiner as root user. The flaw was tested on the ubiquitous Antminer S5, and Noise is currently testing the proof of concept on the S7 series of devices to see if it can be duplicated. He has posted his version of the exploit code, dubbed "Queen Ant" on shithub. BitMain did not comment on the announcement.

4 thoughts on “Antminer Flaw Allows Machine Takeover

  1. pwnd

Leave a Reply to shinohai Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>