Samsung Attack Highlights Bitcoin’s Advantages
[Samsung Pay](http://techcrunch.com/2015/08/13/samsung-launches-samsung-pay-in-the-u-s/) was recently released to the general public. On Oct 6, its centralized server LoopPay was breached by a group of Chinese hackers known as Codoso, or the [Sunshock group](http://www.cnbc.com/2015/10/07/new-york-times-digital-chinese-hackers-breached-looppay-a-contributor-to-samsung-pay.html), before the technology was even applied to the mobile processor.
The system Samsung relies upon is a centralized server that works just like those of its competitors, Apple Pay and Android Pay. Credit cards, debit cards, and even gift cards are stored on isolated servers, and the company plays the role of an intermediary. LoopPay is a small subsidiary based in Burlington, Massachusetts, and was acquired to handle the central technology in Samsung’s new system. Hackers are said to have broken into LoopPay’s corporate network, but not to have breached the mobile payment side.
Unfortunately this is a baseline lesson for so many centralized entities: these breaches happen rather often. Centralized servers holding vast amounts of user data will always be at the forefront of attackers’ minds. The data alone, containing personal and financial information, is worth millions on the black market.
Back in July, the Obama administration revealed that Chinese hackers had breached the Office of Personnel Management, sweeping up the personal and financial information of over 21 million people. The stolen data included social security numbers, prior arrest reports, drug addiction counselling records, and even fingerprints. This is where technology like Bitcoin and its “un-hacked” protocol comes into play.
Bitcoin offers a decentralized payment processing market in which there is no central server to hack. Now then, some will say “well what about Mt. Gox?” wondering about the infamous exchange that was supposedly hacked for millions of dollars in Bitcoin.
Mark Karpelès was arrested on 1 August 2015 by Japanese police, on suspicion of having accessed the Mt Gox computer system to falsify data on its outstanding balance.
Holders and processors can be hacked indefinitely, just as any conventional digital record within today’s banking system can. However, these entities are not servers or a central entity on the Bitcoin network. BitStamp and Mt. Gox were not holding the blockchain afloat; they were third-party intermediaries promising to hold users’ coins. Those promises are only as good as the security behind them and the word of those making them.
Cryptocurrency service providers such as banks, exchanges, and online wallets can all be compromised. Breaches can happen in the same fashion as Samsung Pay, PayPal, Visa or any non-physical storage facility. However, many companies in the crypto-space operate with contrasting methods of security when compared to the traditional finance sector.
Quite a few Bitcoin businesses collect certain data, but very differently from most payment processors. Registering with a crypto-service typically requires very little information, perhaps a basic email address or nothing at all. Some services go the extra mile on data minimization and use the cryptographic technique of zero-knowledge.
Zero-knowledge is a method in which transactions and agreements are made without either party disclosing its private information. If built successfully, the processors within this environment hold literally no data on their user base, which creates a trustless market for their customers’ transactions.
The Bitcoin code itself also acts as a special kind of processor that would require considerably more effort to compromise. The software uses SHA-2 (Secure Hash Algorithm 2), a family of hash functions that operate in one direction only and cannot be reversed in any practical manner. These cryptographic hash functions are collision resistant.
SHA-256 is part of the SHA-2 family, designed by the NSA. While the earlier family, SHA-1, was broken around February 2005, SHA-2 has yet to face an attack strong enough to breach it. This is the cryptographic seal that keeps Bitcoin safe, and it cannot be cracked unless the physical limits of thermodynamics and quantum computing are overcome.
Bitcoin’s network certainly has underlying weaknesses that have been known throughout the community for quite some time. These weak spots have been declared “too difficult” to breach in much analysis and many academic reports. Despite this, there have been some close calls.
One of these problems is the theoretical 51% attack, where a single user or organization controls over 51% of the network’s mining power. This would allow the entity to carry out a double-spend transaction. However, the culprit would be left with the dilemma of destroying the entire network in the process.
"A ‘51% attack’ means a bad guy getting as much computing power as the entire rest of the Bitcoin network combined, plus a little bit more […] One of the things a 51% attacker can do is prevent any transactions or new blocks from anybody besides themselves from being accepted, effectively stopping all payments and shutting down the network."
— Gavin Andresen, Bitcoin Core developer and Chief Scientist
There were a few instances in 2014 where Ghash.io, formerly one of the largest mining pools on the Bitcoin network, came close to reaching 51%. The pool’s network has since dissolved, and the worry surrounding this attack has lessened as more mining pools have entered the system and others have split as the network grew.
Another known weakness, the Sybil attack, is named after an acclaimed book about a woman with multiple personality disorder. This attack involves controlling many clients, targeting the node infrastructure of the Bitcoin network and forging identities within its framework. Again, the growth of the overall system builds a defence against this attack (also known as pseudospoofing), but this time by adding more nodes and spreading the ports.
Hardware that runs a fully functional node has become more popular since 2014. The Bitcoin Computer designed by 21inc is built specifically to operate in this manner, thus adding more nodes to the Bitcoin castle’s defence system. Bitcoin Core developer and Chief Scientist Gavin Andresen considers the Sybil attack “very hard” to accomplish and says it is "theoretically worrisome, but practically not a high priority." The attack, he says, is difficult because it is not so easy to target a specific node.
“The long-running nodes that you probably want to target (merchants or exchangers or e-wallet services, where double-spending could get you a significant number of bitcoins) — unless you invest a ton of hashing power to generate bogus blocks… but that’s stupid, you’re wasting money mining worthless blocks so you can try to pull off a probably-low-value double-spend.”
— Gavin Andresen
We know that Samsung, Apple, Google, and others cannot be trusted with our data, and we know that centralized servers come with the same old ball and chain. While Bitcoin holders and services can be compromised, most of them hold little user information, and if you look in the right place you will find services that insure coins, offer multi-signature protection and two-factor authentication, and operate with zero knowledge.
To crack the code itself would take breaking universal laws, and that effort seems a long way off. Both the 51% and the Sybil attack present less danger as the network continues to grow and the community remains vigilant in watching it.
Not many banks offer this level of sophistication in security, even in this day and age. Most of these financial institutions, if not all, would never operate with zero-knowledge as standard practice. Many cryptocurrency services now apply these methods to their systems, and users show their gratitude by popularizing the products they offer.