Secret Network claims it has resolved the Intel hardware flaw
The creators of Secret Network have patched a security flaw involving Intel hardware.
The makers of the Layer 1 blockchain Secret Network have patched a security risk identified by researchers who identified a flaw in the Intel hardware used by the network to facilitate privacy-preserving smart contracts.
The claimed privacy applications from Secret may have been hacked owing to xAPIC or PIC Leak, a vulnerability in some Intel SGX CPUs.
Software companies often employ Intel SGX processors for privacy computing. The blockchain nodes of Secret employ them to encrypt data in a trusted execution environment (TEE) software configuration. However, the inclusion of the xAPIC vulnerability meant that hackers could possibly spy on SGX-reliant systems. To demonstrate the vulnerability Secret faces, the researchers retrieved a “consensus seed” to decode all private transactions on the blockchain of Secret.
“We assessed the TEE-based blockchain Secret Network to see whether it was vulnerable to PICLeak and discovered the master decryption key for the whole network,” said Andrew Miller, the report’s principal researcher and an assistant professor at the University of Illinois at Urbana-Champaign.
Contrary to Secret’s claim of total anonymity, the researchers demonstrated that a malevolent hacker could have gotten the whole transactional history of the network.
SCRT Labs, the developer of Secret Network, stated in a blog post that, to the best of its knowledge, no such incident involving a privacy breach had occurred, adding that the hardware vulnerability only affected the privacy of data stored on Secret Network that was not used to determine the consensus of the blockchain.
The researchers alerted SCRT Labs of the vulnerability for the first time on October 3. SCRT Labs took action to prevent new nodes from connecting to the network in order to reduce the vulnerability’s exposure.
Later, the blockchain company collaborated with Intel to create a patch that would prevent susceptible PCs from connecting to the network. According to the report, this remedy was implemented on November 2 through a network update, and the network is now safe. “With this update, xAPIC attacks against the Secret Network mainnet are now impossible,” asserted SCRT Labs.
SCRT Labs said that it delayed the publication of the vulnerability in order to prevent hostile hackers from exploiting it while the fix was being developed.