In response to a recent SQL injection attack targeting GPU metadata, Io.net's chief security officer, Husky.io, announced rigorous new security measures and a planned webcast to demonstrate live system recovery. This cybersecurity incident, though severe, did not compromise the actual GPU hardware, preserving the integrity of Io.net's extensive network.
Io.net Enhances Security Measures After SQL Attack Compromises GPU Metadata
According to Cointelegraph, Io.net, a decentralized physical infrastructure network (DePIN), recently suffered a cybersecurity incident. Malicious users used exposed user ID tokens to perform a system query language (SQL) injection attack, resulting in unauthorized device metadata modifications inside the graphics processing unit (GPU) network.
Husky.io, Io.net's chief security officer, quickly responded with corrective steps and security modifications to safeguard the network. Fortunately, the attack did not compromise the GPUs’ hardware, which remains secure due to robust permission layers.
The breach was discovered amid a surge in write operations to the GPU metadata application programming interface (API), resulting in alerts at 1:05 a.m. Pacific Standard Time on April 25.
In response, security measures were strengthened by adding SQL injection checks to APIs and improving monitoring of unauthorized attempts. In addition, a user-specific authentication solution based on Auth0 and OKTA was quickly deployed to address vulnerabilities in universal authorization tokens.
Unfortunately, this security update coincided with a snapshot of the rewards program, aggravating a predicted drop in supply-side participation. As a result, valid GPUs that did not restart and upgrade could not access the uptime API, causing a dramatic decline in active GPU connections from 600,000 to 10,000.
Ignition Rewards Season 2 was launched in May to address these difficulties to encourage supply-side engagement. Ongoing efforts include working with vendors to upgrade, restart, and reconnect equipment to the network.
Security Breach Exposes Vulnerabilities in Io.net's API, Prompting Intensive Countermeasures
The leak resulted from flaws discovered when creating a proof-of-work system for detecting counterfeit GPUs. Before the event, aggressive security patches increased attack tactics, demanding ongoing security studies and enhancements.
The attackers used a vulnerability in an API to display items in the input/output explorer, mistakenly revealing user IDs when searching for device IDs. Malicious attackers gathered this exposed information into a database weeks before the incident.
The attackers used a legitimate universal authentication token to get access to the "worker-API," which allowed them to update device metadata without the need for user authentication.
Husky.io underlined the importance of continuing detailed assessments and penetration tests on public endpoints to discover and neutralize attacks early on. Despite the issues, efforts are being made to encourage supply-side involvement and restore network connections, guaranteeing the platform's integrity while servicing tens of thousands of compute hours monthly.
Io.net intended to integrate Apple silicon chip hardware in March to improve its artificial intelligence and machine learning capabilities.
Photo: Microsoft Bing
Comment 0