In an unusual turn of events, the United States National Security Agency (NSA) has advised Microsoft Windows users to patch their operating systems to safeguard against the BlueKeep vulnerability.
Meanwhile, Microsoft has recently made an open request to whitehat hackers around the world to try and hack into its flagship cloud computing platform, Azure, in an attempt to weed out any underlying security vulnerabilities.
The NSA warning comes off the back of recent research that indicates that there are close to a million internet-enabled computers that could be exploited by the BlueKeep vulnerability.
— Rob Joyce (@RGB_Lights) June 4, 2019
Keeping BlueKeep at Bay
Officials are concerned that the BlueKeep issue could escalate to the levels of the 2017 WannaCry ransomware cyberattack that affected well over 200,000 computers worldwide. Perhaps this is the reason why the NSA avoided the usual communication channels, like CERT, since BlueKeep could be a threat to Windows-based national security systems.
On the flip side, calling out whitehats to perform more penetrative tests and security-risk analyses on Azure could be a publicity stunt aimed at highlighting the security of the platform — to entice new users to try it.
Struggling to Keep Up?
According to a recent report, as of Q4 2018, Azure has a market share of only around 16.5 percent — just above half of that controlled by Amazon’s AWS. With rising competition from tech giants like Google, Alibaba, and upstarts like DigitalOcean, Microsoft is rightfully concerned about onboarding and retaining users.
In the past, Azure has had worldwide service disruptions due to bad SSL certificates and a myriad of minor bugs — which could have been avoided if ample testing were performed.
To promote such tests, Microsoft has released a Safe Harbor statement — wherein security researchers and white-hat hackers are given legal clearance and immunity to report vulnerabilities by being more actively involved in their bug-bounty program.
Decentralized Operating Systems
Could similar threats be found in decentralized operating systems like EOS or nOS? Could there eventually be a BlueKeep or WannaCry-like exploit for decentralized operating systems?
As it turns out, the answer appears to be yes. According to recent reports, the blockchain technology that was once considered immutable and unhackable is getting exploited by an increasing number of vulnerabilities.
While crypto-exchange hacks can be attributed to platform-related bugs, API exploits, and theft; theoretical vulnerabilities — like a 51-percent attack, smart contract implementation flaws, and unforeseen bugs — are becoming a real threat to even popular blockchains.
However, since it is unlikely that a decentralized operating system can be subverted by a single infected node or even a group of nodes, there is little chance that an infection-based attack could threaten most larger blockchain-based operating systems. However, with malware designers becoming ever more devious, it might just be a matter of time until even this becomes possible.
Perhaps the only way to tackle this issue is by not only exposing blockchain operating systems to end users and smart-contract developers but also to researchers experienced with traditional attack vectors — since nodes are only as secure as the hardware they run on.
Do you think decentralized operating systems can ever be subjected to a WannaCry-scale attack? If so, will code still be law, then? Let us know your thoughts in the comments!