
Bitcoin – pulling the curtains on computer security

April 19, 2013

All software contains bugs. All complex software contains numerous bugs. Some of those bugs are security holes.

When you hear that a software vendor has found and fixed a security problem, that means that somehow that specific bug came up on someone’s radar. People who find these holes for a living, and there are quite a few, sell them to others who then exploit them to create massive botnets, extract credit card information from unsuspecting users or in some cases try to attack online banking accounts.

A regular “zero day” exploit into a computer system connected to the Internet can be sold for tens of thousands of dollars, making it a worthwhile occupation for crackers.

However, while many regular computer users have had their computers taken over, it’s often not something they themselves notice. If their system is just used for drive-by DDoSing as part of a botnet, encrypted communication forwarding in a virus control protocol or activities otherwise not disturbing their normal computer usage, they have no reason to ponder the fact that any Internet computer system can be broken into. Even if their online banking account gets accessed, the banks replace the balance, sometimes without the customer even knowing, since it’s worse for their reputation to have to admit security problems. Crackers, for their part, are content with selling exploits on the black market for regular fixed prices.

Until Bitcoin.

A fully digital currency, kept stored on a regular Internet-connected home computer, on a mobile Internet device or with a cloud service provider, is a much juicier target for a cracker who finds security exploits. There are no profit-taking middlemen, no traceable transactions in regular national currencies, and there is the possibility of targeting many such wallets in a very short time.

All software contains bugs. All complex software contains numerous bugs. Some of those bugs are security holes.

I’m a Bitcoin proponent. I support decentralisation and the removal of the banking and finance tax on human to human monetary transactions. I do have a strong background in computer security though and the above argument has me worried as a serious hindrance to Bitcoin adoption. In short, the only reason you currently still have control over your bitcoins isn’t because you’re better at keeping them safe compared to everyone else – it’s because no one has made you a target. Yet.

(Yes, I’m aware of the concept of brain and/or paper wallets – but the currency of the Internet still has to surface when a transaction is to be made, and an exploited system could well switch out the target of that transfer then.)

I believe, if Bitcoin continues to gain general acceptance, we’ll see for the first time since computers became a household item an awareness of just how insecure such systems really are. It’s not a fault of Bitcoin – its protocol still hasn’t been broken – but a fact of complex software. The only solution is to completely redesign our current computing paradigm.

Yeah that will happen.
