Cybersecurity vendor Kudelski Security hopes the flawed open-source ledger it’s created will help users learn about blockchain and let developers suggest security enhancements.
Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm Kudelski Security next week plans to launch the industry’s first “purposefully vulnerable” blockchain – and will demo it at next month’s Black Hat conference. Kudelski Security’s FumbleChain project is aimed at highlighting vulnerabilities in blockchain ecosystems, according to Nathan Hamiel, head of cybersecurity research at Kudelski.
The flawed blockchain ledger is written in Python 3.0, making it easy for anyone to read and modify its source code, and it’s modular – allowing users to hack and add new challenges to promote continuous learning. The Kudelski blockchain will be available as both a code download on GitHub and as a demo on the company’s website, allowing testers to play with its features and learn how it works without having to download code.
“For the most part, blockchains aren’t inherently secure,” Hamiel said. “There’s an entire ecosystem around blockchain, just like there is around traditional applications. Quite often you’ll have vulnerabilities that crop up in places that are rather unexpected. What we wanted to do was create this pre-made blockchain, create this educational framework around it so you can learn more about it and more about blockchain security.”
The concept is similar to other open-source projects, such as web applications built so that developers can test their skills by attacking them to expose vulnerabilities.
As a write-once, append-many technology, blockchain itself is highly secure, but experts point out the distributed ledger technology does not live in a vacuum. In order to be of use, applications such as cryptocurrencies are embedded into the blockchain – making it vulnerable to certain attack vectors.