One company thinks that the key to developing more secure blockchains is to start with insecure ones.
Blockchain is created with security and transparency in mind. But that doesn't mean the technology is flawless or free of vulnerabilities. In one way or another, a blockchain can still be tampered with and compromised, and this is what Kudelski Security wants to solve.
The cybersecurity firm announced that it is launching an insecure blockchain, called 'FumbleChain', at the Black Hat USA infosec convention.
Billed by the company as the industry's first intentionally vulnerable blockchain, the system is designed to be flawed right from the start, and the company is encouraging hackers to break it.
In doing so, the security firm hopes to learn how hackers can exploit decentralized systems, and eventually learn how to make blockchains more secure.
“There is a common misconception that blockchains are inherently secure, but the reality is that the technology is incredibly nuanced and complex, and a great deal of attention must be paid to its underlying security and cryptography,” explained Nathan Hamiel, head of cybersecurity research at Kudelski Security.
FumbleChain runs a fake e-commerce application called FumbleStore, a CTF (capture the flag) type hacking game.
Here, the company asks the hacking participants to compete to either break or secure computer systems, and capture various components of digital real estate.
FumbleChain is written in Python, as the company wants to make it easy for CTF participants to read and modify its source code. The blockchain's code is also modular, so more CTFs or hacking challenges can be added over time to promote continuous learning.
FumbleChain is similar to DVWA (Damn Vulnerable Web Application), a PHP/MySQL web application that is 'damn vulnerable', which aims to teach and help web developers to better understand the processes of securing web applications.
As blockchain gains popularity for uses beyond Bitcoin, many large enterprises have started leveraging the technology. Unfortunately, many struggle with how best to secure it.
"When it comes to deploying blockchain solutions, security often takes a back seat to development of core functionality," said Hamiel.
"There is a common misconception that blockchains are inherently secure, but the reality is that the technology is incredibly nuanced and complex, and a great deal of attention must be paid to its underlying security and cryptography. We're launching FumbleChain as part of broader efforts to raise awareness of the importance of blockchain security. Black Hat is the ideal platform for sharing information on vulnerabilities of innovative technology like blockchain before it's widely deployed."
According to FumbleChain's website, the goal of this project is to raise awareness about blockchain security, and how to protect the various components making up the blockchain ecosystem.
The project is part of Kudelski Security's Blockchain Security Center and its work expanding an ecosystem of partners focused on secure blockchain development.
Kudelski Security is an advisor and cybersecurity company, and this blockchain project is just one of its initiatives to reduce business risk, maintain compliance and increase overall security effectiveness of products.
FumbleChain has been made available as a code repository on GitHub.