The Risks of Broken Access Control and the Blockchain

Access control is a configuration of web applications providing limitations and rules to the access of content and functions between users. Simply put, this is a configuration protocol common in all web applications that gives users access to the data they are allowed but establishes guardrails around data they should not be accessing.  When configured properly, access control will prevent unauthorized users from acting outside their intended permissions. But despite its common use, access control is difficult to implement and manage properly, easily leading to a misconfigured security control that leaves an enterprise’s data at risk.  

As blockchain applications are a form of web application, access control is still a common problem even for blockchain developers. The need to establish access levels, define the parameters, and maintain the user's ability to gather, manipulate, and execute on stored data remains the same. But unlike regular web applications, the blockchain is decentralized, and access control technology was designed under the premise that all information and data is stored in a centralized server. So, while the blockchain is an advancing technology, elements of its foundation are still stuck with a legacy mindset, and require a closer look by security teams, inspecting every function for access control weaknesses.

Impacting web and application environments as well as blockchain systems, a misconfigured access control implementation could provide malicious actors the ability to acquire sensitive files and data as well as perform unauthorized actions on behalf of an existing user. Due to the difficulty for traditional security systems to detect the misconfigurations, it is often too late for an enterprise to close the door on this vulnerability before they are discovered by attackers. And a blockchain's increased visibility means these issues are easier to identify by potential attackers, increasing the risk to enterprises, their data and infrastructure.

A successful exploit of a broken access control vulnerability often occurs when resources are not protected through proper configurations or when protection mechanisms are not enforced correctly. Often these issues are undocumented behavior, or improper implementation of desired behavior. An attacker may take advantage of the absence of proper access control mechanisms to access and manipulate system resources or gather sensitive data. The attack could potentially involve incorrect access control mechanisms in off-chain systems, but carry an impact on-chain, or vice-versa.  

Due to the difficult nature of proper implementation and configuration of access control, the current model of securing enterprise architecture against these vulnerabilities is heavily manual. Code reviews provide a partial solution but does not cover deployment and configuration issues. And if a modification is made to the system after the review, it would be missed. Often, enterprises enlist the services of penetration testing teams to discover and mitigate against these vulnerabilities, but the manual process can be costly and cannot identify all vulnerabilities reliably.

Ultimately, detecting an attack via broken access control is extremely difficult despite the commonality of the vulnerability. There are no mechanisms in-place today to identify access control anomalies and exceptions as existing enterprise security systems don't have visibility into on-chain logic. Intrusion Detection Systems (IDS), for example, have no visibility into on-chain impact of network traffic. Other common enterprise security controls, such as Application Firewalls, lack visibility into the protocols and data used by blockchain systems. While rudimentary blocking is possible, deep inspection by these existing systems is limited.

Organizations that need to meet compliance regulations with their blockchain applications are often left footing the bill for expensive and manual discovery and mitigation of these vulnerabilities. While there are best practices provided as guidance, these are not sufficiently complete to provide regulatory protection. And there are currently no tools to ensure compliance with these guidelines within the organization as there are with non-blockchain systems.  

Broken access control attacks against blockchain systems have carried significant impact over the last few years due to its reliance on the standard approach to access control. One of the biggest Ethereum attacks to date is the Parity multi-signature wallet attack in 2017. A vulnerability was discovered and exploited in the Parity Mutisig Wallet where an attacker gained access and invoked a function that destroyed a system component, enabling them to steal over 150,000 ETH, valued at $30million (US) from the public blockchain. The attacker was able to initialize the Parity library as a wallet, claiming ownership, giving them complete control over the system. After killing the library, the malicious party then attacked other deployed multisig wallets, changing their ownership, and withdrawing funds from over 573 Ethereum accounts. Following this attack, other organizations with multisig wallets were able to deploy fixes, patching the broken access control vulnerability, securing their client’s wallets and assets. But the original theft was never recovered.

Other well-known vulnerabilities that carry significant potential risk to organization are the following:

• CVE-2018-10705, CVE-2018-10666
• CVE-2018-12025, CVE-2018-12230, CVE-2018-14089
• CVE-2018-17111
• CVE-2018-19831

In order to protect against these critical vulnerabilities, enterprises need to approach the blockchain with the same mindset they do their contemporary technology solutions, looking to detect, prevent, and respond to risks and threats in an expedited manner. Integrating blockchain security teams and services early in the adoption process is a positive first step. This helps to establish as part of the culture and process a blockchain security mindset, setting protections to mitigate broken access control vulnerabilities and address other risks before they become a problem. A trained blockchain security team and their specialized tools can help establish a strong security perimeter around your blockchain applications, provide detection and prevention against risks, and assist organizations in ensuring compliance with the various global markets.  

About Valid Network    

Valid Network’s blockchain security platform provides complete life cycle security for enterprise blockchains from initial development to active deployment and management. Based in Be'er Sheva, Israel, the company’s solutions enable enterprises to innovate with blockchain faster, providing complete visibility and control over their distributed applications and smart contract governance, compliance, and security posture through advanced platform capabilities.  

‍

Secure the block with Valid Network.  

Learn more: https://valid.network  

Follow us: LinkedIn | Twitter | Blog

‍

‍