Io.net responds to GPU metadata attack

Io.net, a decentralized physical infrastructure network, suffered a cybersecurity breach recently. Hackers exploited exposed user ID tokens, enabling an SQL injection attack that altered device metadata within the GPU network.


As an analyst, I’d rephrase that as follows: Io.net, a decentralized physical infrastructure network (DePIN) where I serve as an analyst, recently fell victim to a cybersecurity attack. The assailants took advantage of exposed user ID tokens and utilized them to carry out SQL injection assaults. Consequently, they were able to make unauthorized modifications to device metadata within the GPU network.

Husky.io’s Chief Security Officer acted swiftly, implementing corrective measures and enhancing security features in response to an attack on Io.net’s network. Fortunately, the GPUs’ physical hardware was unscathed by this incident thanks to the strong access control systems in place.

As I monitored the system logs late last night on April 25, I noticed an unusual spike in write requests directed towards our GPU metadata API around 1:05 am PST. This surge prompted immediate alerts due to its potential impact on performance and security.

In response, we strengthened security by adding SQL injection safeguards to our APIs and improving the tracking of unauthorized access attempts. Furthermore, we quickly implemented a user-centric authentication system, combining Auth0 with OKTA, to tackle concerns related to indiscriminate authorization tokens.

As a crypto investor, I was unfortunate that the security update arrived at the same time as a snapshot of the rewards program. This combination led to a larger-than-expected decrease in the number of supply-side participants. Sadly, legitimate GPUs that failed to restart and apply the update were unable to access the uptime API. The result was a drastic drop in active GPU connections, plummeting from a steady 600,000 to just 10,000.

To tackle these issues, we launched Ignition Rewards Season 2 in May, inviting suppliers to engage more actively on the supply side. Our ongoing strategies involve working closely with suppliers to enhance, restart, and reconnect their devices to the network.

The issue arose due to weaknesses that were introduced during the integration of a PoW system to detect fake GPUs. Prior to the incident, overzealous security updates had provoked adversaries to adopt more sophisticated attack strategies, leading to the need for frequent security assessments and enhancements.

As a researcher studying cybersecurity incidents, I’ve come across a case where attackers exploited a weakness in an API. Specifically, they managed to show content in the input/output explorer that should not have been accessible. This exposure unintentionally revealed user IDs when searches were conducted using device IDs. Malefactors collected this data several weeks prior to the reported breach and amassed it into a database for future use.

The attackers used a legitimate universal token to gain entry to the “worker-API,” allowing them to make modifications to device information without the need for individual user authorization.
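
The remediation described above (SQL injection safeguards plus user-specific authentication in place of a universal token) can be sketched as follows. This is an added example, not Io.net's code: the table layout, function names, token scheme and sample rows are assumptions constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

SERVER_KEY = b"constructed-demo-key"       # assumption: secret held by the API
SHARED_TOKEN = "constructed-shared-token"  # assumption: one token valid for everyone

def user_token(user_id):
    """Per-user token (stand-in for what an identity provider would issue)."""
    return hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()

def make_db():
    """In-memory device table with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (device_id TEXT PRIMARY KEY, owner_id TEXT, name TEXT)")
    db.executemany("INSERT INTO devices VALUES (?, ?, ?)",
                   [("dev-1", "alice", "rig-a"), ("dev-2", "bob", "rig-b")])
    return db

def update_name_weak(db, token, device_id, new_name):
    """Weak: shared token, no ownership check, SQL built by string formatting."""
    if token != SHARED_TOKEN:
        return False
    db.execute(f"UPDATE devices SET name = '{new_name}' WHERE device_id = '{device_id}'")
    return True

def update_name_hardened(db, user_id, token, device_id, new_name):
    """Hardened: per-user token, ownership enforced in WHERE, bound parameters."""
    expected = user_token(user_id)
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return False
    cur = db.execute(
        "UPDATE devices SET name = ? WHERE device_id = ? AND owner_id = ?",
        (new_name, device_id, user_id))
    db.commit()
    return cur.rowcount == 1  # False when the caller does not own the device

def device_name(db, device_id):
    row = db.execute("SELECT name FROM devices WHERE device_id = ?", (device_id,)).fetchone()
    return row[0] if row else None
```

In the hardened path the ownership check is part of the same statement as the write, so a valid token for one user cannot change another user's device, and quote characters in a submitted name are stored as data rather than parsed as SQL.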

As a crypto investor using Husky.io, I can assure you that we prioritize regular, in-depth assessments and security tests on our public endpoints to swiftly identify and address potential threats. Although we encounter hurdles, we remain committed to encouraging supply-side engagement and reestablishing network connections. By doing so, we uphold the platform’s robustness while delivering compute hours for tens of thousands of users each month.

In March, Io.net announced its plans to incorporate Apple’s advanced silicon chips into their system for improving the capabilities of their AI and ML services.


2024-04-28 14:33