Io.net Boosts Security Measures Following Cybersecurity Breach, Plans Increased Supply-Side Engagement
Summary:
Io.net, a decentralized physical infrastructure network, recently faced a cybersecurity breach when exposed user ID tokens were utilized for an unauthorized SQL injection attack, leading to changes in GPU network metadata. The issue was addressed promptly by Husky.io, the head of security, by reinforcing security measures. This unfortunate event coincided with a dip in supply-side participants, causing significant reduction in active GPU connections. Io.net has since implemented corrective actions like user-specific authentication solutions and started Ignition Rewards Season 2 to encourage supply-side involvement. Steps are underway to ensure detailed security reviews and neutralize possible future threats.
The decentralized physical infrastructure network, Io.net, recently suffered a cybersecurity infringement when nefarious users took advantage of revealed user ID tokens. This led to a system query language (SQL) injection assault, resulting in unsanctioned alterations to the device metadata in the graphics processing unit (GPU) network.
Husky.io, the head of security for Io.net, quickly addressed the issue with corrective actions and security enhancements to safeguard the network. Luckily, this incident did not affect the actual hardware of the GPUs, which remained secure due to tough permission layers.
The security breach was identified during a spike in write operations to the GPU metadata API, which set off alarms at 01:05 am PST on April 25. In response, Io.net tightened security by introducing SQL injection audits on application program interfaces (APIs) and boosting the record of unauthorized attempts. They also rapidly rolled out a user-specific authentication solution using Auth0 with OKTA to tackle vulnerabilities associated with universal authorization tokens.
Unfortunately, the security update corresponded with a screenshot of the rewards program, which aggravated the anticipated drop in supply-side participants. As a result, legitimate GPUs that did not restart and update experienced downtime, leading to a significant reduction in active GPU connections from 600,000 to 10,000.
To counter these issues, Ignition Rewards Season 2 was launched in May to promote more supply-side engagement. Activities are ongoing, and assortments involve working with suppliers to upgrade, reboot, and reconnect devices to the network.
The breach originated from vulnerabilities that arose during the establishment of a proof-of-work (PoW) mechanism to detect fake GPUs. Prior to the incident, intensive security patches spurred attackers to resort to more advanced techniques, creating a need for constant security evaluations and amends.
The culprits targeted a weak spot in an API to display content in the input/output explorer, unintentionally exposing IDs when searching by device IDs. The unauthorized users amassed this leaked data into a database a few weeks before the attack.
The attackers utilized a valid universal authentication token to breach the 'worker-API,' facilitating changes to device metadata without the need for user-level authentication.
Husky.io highlighted the importance of ongoing in-depth reviews and break-in tests on public endpoints to promptly identify and neutralize potential threats. Despite difficulties, efforts to motivate supply-side engagement and reinstate network connections are proceeding.
Despite setbacks, Io.net is working to maintain the platform’s integrity as it supplies tens of thousands of compute hours per month. In March, Io.net planned to integrate Apple silicon chip hardware to improve its artificial intelligence (AI) and machine learning (ML) services.
Published At
4/28/2024 2:11:50 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.