It is heard that blockchain technology is freed from hacking attacks.
Whenever there are new transactions, blockchain technology certifies corresponding transactions after getting consents from members of blockchain. It also does not manage every information from a central server, but it records transaction information after breaking them up. While hackers needed to just target central servers in the past, now they have to target many PCs if they want to hack into blockchain.
Security problem is emerging as a more important issue for Industry 4.0 generation where everything such as IoT (Internet of Things) is connected. This is the reason why blockchain technology is drawing attention from various industries.
◊Blockchain Not 100% Safe from Hackers
Blockchain platform, which is known to have high security, is actually not 100% safe from hacking attacks as hackers need to dominate 51% of network nodes to infiltrate into blockchain. Although it does not sound realistic, it is not an impossible feat.
Story changes if hackers target distinct weak spots of systems. Hacking attack that utilizes malwares that quickly spread through network can destroy blockchain’s distinct security area.
Weak spots of blockchain software, which is an open source, are also being found one after another. Large-scale DDoS (Distributed Denial of Service) attacks especially are lethal on blockchain platforms.
Fortinet Korea recently made an announcement that number of weak points of Bitcoin platform is rising slowly. According to CVE Detail, which is an official site that finds number of weak spots of security, there are 23 CVE weak spots related to Bitcoin.
Problems arise whenever businesses or organizations do not update weak spots of security when they are using corresponding blockchain platforms. Because blockchain platforms are developed as open source and operate through distributed network, it is difficult to carry out swift security patch or verification process. More than 90% of security attacks take place when businesses or organizations operate systems while neglecting known weak spots of security.
“Due to blockchain’s characteristics, ransomware can quickly spread to another node once it hacks into a node.” said Director Bae Joon-ho of Fortinet Korea. “Although it is impossible to hack into transaction process within blockchain, precautions must be set since there are many weak spots of blockchain.”
DDoS attacks can also neutralize blockchain platforms. Blockchain platforms such as Bitcoin and Ethereum use limited servers for their transactions. If some of these servers are damaged, it becomes difficult to control rest of servers. Suppose there are 100 servers that maintain virtual currency, whole system will collapse once 51 of them are damaged. Hackers can carry out DDoS attacks so that blockchain platforms do not operate properly.
There is also a danger of having private keys lost or leaked through user’s interface. Because blockchain technology utilizes public key encryption system, people cannot claim rights to their contents within blockchain if they lose their private keys to third parties. For example, because virtual currency does not have an organization or a business that guarantees one’s rights to contents within blockchain, one cannot find his or her private key once it is lost to hackers.
“Although people may believe that blockchain is a safe security platform, there is not single IT that is safe from hackers.” said a representative for an industry.
◊South Korean Businesses Show Interests to Using Blockchain Technology
South Korea’s security industries have yet to show visual results from using blockchain technology. Most of security industries except for Fasoo and NEXG are still in a beginning stage of research.
Fasoo started developing a document platform called Wrapsody that is applied with blockchain-based technologies and it is planning to officially release this service this coming June. Wrapsody automatically collects and manages every version of documents during a process when documents are created and proves when these documents were stored and whether a document is an original or not. Based on this technology, it secures security and integrity of electronic documents. By applying blockchain-based technologies to its original technology, Fasoo was able to improve credibility of data. Fasoo is predicting that this platform will significantly increase security towards outside hacking attacks such as ransomware.
“By applying blockchain technology to Wrapsody, we were able to improve credibility of data.” said a representative for Fasoo. “We are even thinking about exporting Wrapsody as it is recognized globally.”
Raon Secure is planning to co-develop a biometric system that is applied with blockchain technology with TheLoop. Both companies are going to develop a next-generation certification system that will replace certificates by using blockchain and biometric technologies.
Blockchain biometric system implements FIDO server’s certified information formation process and verification process through Smart Contracts, which is a major blockchain technology. It can reduce amount of security threats of centralized systems that contain certificates.
NEXG recently established a technical company specializing in blockchain, with Sogang University’s Research & Business Development Foundation. This company focuses on development of important platform technologies of blockchain and training of talented people and it focuses on R&D on platforms after receiving technologies from Intelligent Blockchain Research Center. It is also going to carry out a business that will develop a blockchain-based security technology called ‘Block Key’, which can be used in IoT areas such as self-driving car and drone, at the same time.
Excluding these businesses, most of other security businesses is still in a beginning stage of R&D. SK Infosec, which made more than $185 million (200 billion KRW) for two years in a row, stated blockchain business as one of its new business. However, it has yet to make any progress on blockchain business along with other new businesses such as IoT and Cloud.
Jiran Security registered itself as a reserved member of Korea Blockchain Industry Promotion Association earlier this year. By establishing New Technology Convergence Business Department, it is going to plan new technology-based products such as CDR (Contents Disarm & Reconstruction), blockchain, and AI (Artificial Intelligence).
Genians reorganized its technical research institute as ‘research planning office’. While its technical research institute was a group that enhanced products, researching planning office is a group that will focus on securing new technologies such as blockchain and machine learning.
“Most of companies that demand security products do not need specific needs for new security threats, but they move along laws.” said a high-ranking official for an industry. “Security companies also do not spend huge investments or capabilities into development of blockchain that cannot guarantee profits right away.”
Staff Reporter Jung, Youngil | jung01@etnews.com