DLT to Become Twice as Popular in IoT

Half of the companies cannot reliably determine whether their IoT devices were hacked
16 January 2019

This is according to a report by Gemalto, a company specializing in digital security.

During 2018, the use of blockchain in Internet of Things services and devices increased from 9 to 19 percent, despite the global legal uncertainty around this new technology.

For the study, Gemalto surveyed 950 experts in technology and business. 23% of respondents expressed confidence that distributed ledger technology would be the “ideal” solution for securing IoT devices. Moreover, 91% of companies that do not use blockchain today plan to adopt it in the future.

Given the increase in the number of IoT-enabled devices, it's extremely worrying to see that businesses still can't detect if they have been breached. With no consistent regulation guiding the industry, it's no surprise the threats – and, in turn, vulnerability of businesses – are increasing. This will only continue unless governments step in now to help industry avoid losing control.

Jason Hart

CTO, Gemalto

Despite the gradual increase in the use of blockchain-based solutions, mass adoption of the technology is still far away. Companies mainly rely on other security methods. In particular, 71% of respondents use data encryption, 66% use password-based methods, and 38% prefer two-factor authentication. It is also noteworthy that about half of the companies cannot reliably determine whether their IoT devices were hacked.

The overwhelming majority of respondents (95%) are convinced that security methods need to be standardized.

Potential Vulnerabilities Found in ETH 2.0

Least Authority has found potential security issues in the P2P networking layer and the block proposal system
26 March 2020

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities.

Least Authority said that developers need to address vulnerabilities in the peer-to-peer (P2P) networking layer, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, there is currently no large ecosystem anywhere in the world that is based on PoS and uses sharding, so it is impossible to accurately assess the prospects for system stability.

The information security experts also emphasized that the specifications did not pay enough attention to describing the P2P network layer and the Ethereum node record system. Vulnerability risks are also present in the block proposal system and in the messaging system between nodes.

Experts said that in blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block is included in the blockchain, and this leads to the risk of data leakage. To solve the problem, the auditors suggested using a "Single Secret Leader Election" (SSLE) mechanism.

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a "malicious" node can spam the entire network with various messages without any particular penalty. The solution to this problem may be to use special protocols for exchanging messages between nodes.