Io.net responds to GPU metadata attack
Io.net, a decentralized physical infrastructure network (DePIN), recently experienced a cybersecurity breach. Malicious users exploited exposed user ID tokens to execute a system query language (SQL) injection attack, which led to unauthorized changes in device metadata within the graphics processing unit (GPU) network.
Husky.io, Io.net’s chief security officer, responded promptly with remedial actions and security upgrades to protect the network. Fortunately, the attack did not compromise the GPUs’ actual hardware, which remains secure due to robust permission layers.
The breach was detected during a surge in write operations to the GPU metadata application programming interface (API), triggering alerts at 1:05 am Pacific Standard Time on April 25.
In response, security measures were reinforced by implementing SQL injection checks on APIs and enhancing the logging of unauthorized attempts. Additionally, a user-specific authentication solution using Auth0 with OKTA was swiftly deployed to address vulnerabilities related to universal authorization tokens.
Source: Hushky.ioUnfortunately, this security update coincided with a snapshot of the rewards program, exacerbating an expected decrease in supply-side participants. Consequently, legitimate GPUs that did not restart and update could not access the uptime API, causing a significant drop in active GPU connections from 600,000 to 10,000.
To address these challenges, Ignition Rewards Season 2 has been initiated in May to encourage supply-side participation. Ongoing efforts include collaborating with suppliers to upgrade, restart, and reconnect devices to the network.
The breach stemmed from vulnerabilities introduced while implementing a proof-of-work mechanism to identify counterfeit GPUs. Aggressive security patches before the incident prompted an escalation in attack methods, necessitating continuous security reviews and improvements.
Related: AI has a hardware crisis: Here’s how decentralized cloud can fix it
The attackers exploited a vulnerability in an API to display content in the input/output explorer, inadvertently revealing user IDs when searching by device IDs. Malicious actors compiled this leaked information into a database weeks before the breach.
The attackers leveraged a valid universal authentication token to access the “worker-API,” enabling changes to device metadata without requiring user-level authentication.
Husky.io emphasized ongoing thorough reviews and penetration tests on public endpoints to detect and neutralize threats early. Despite challenges, efforts are underway to incentivize supply-side participation and restore network connections, ensuring the platform’s integrity while serving tens of thousands of compute hours per month.
Io.net planned to integrate Apple silicon chip hardware in March to enhance its artificial intelligence and machine learning services.
Magazine: Real AI use cases in crypto: Crypto-based AI markets, and AI financial analysis
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Memecoins Outshine Crypto Market with 103% Gains in a Month
Tether Issues $1 Billion in USDT on Tron Network, Boosting Liquidity
Could Solana Be the Next Altcoin to Score a U.S. ETF Approval?
CFTC Clears Bitcoin ETF Options, Paving Way for Institutional Growth