Key Insights:
- Io.net detected a SQL injection breach affecting GPU metadata during a surge in API write operations.
- Remedial actions included SQL injection checks and the deployment of user-specific authentication solutions.
- Despite the attack, Io.net’s hardware remains secure, safeguarded by robust permission layers.
Io.net, a key player in decentralized physical infrastructure, recently faced a cybersecurity breach. Malicious users exploited exposed user ID tokens, resulting in unauthorized changes within the GPU network. Husky.io, the Chief Security Officer of Io.net, responded promptly with security upgrades and remedial actions to fortify the network.
The breach was first noticed during an unexpected surge in write operations to the GPU metadata API early on April 25. This triggered alarms, leading to an immediate security response. Additionally, the team implemented SQL injection checks on APIs and improved the monitoring of unauthorized access attempts.
So – we fucked up.
On 4/25/24 user(s) were able to use previously exposed user ID tokens to perform a SQL injection attack and mess with device metadata.
To prevent this in the future, we accelerated a deployment of auth zero authentication (OKTA) at the device level, which… https://t.co/PXdthHMU81
— hushky.io (@0xHushky) April 28, 2024
Moreover, a new authentication solution featuring Auth0 and OKTA was quickly rolled out. This addressed the vulnerabilities tied to universal authorization tokens. Unfortunately, this update clashed with a snapshot of the rewards program, leading to a decline in supply-side participants. Legitimate GPUs that failed to restart and update lost access to the uptime API, causing active GPU connections to plummet from 600,000 to just 10,000.
To counter these setbacks, Io.net has launched Ignition Rewards Season 2, aiming to boost supply-side involvement. The ongoing collaboration with suppliers aims to upgrade and reconnect devices to the network effectively.
The initial vulnerability stemmed from an attempt to implement a proof-of-work mechanism to identify counterfeit GPUs. Prior aggressive security patches inadvertently led to escalated attack methods, underlining the need for continuous security enhancements.
The attackers exploited a gap in an API that displayed content in the input/output explorer. This flaw inadvertently exposed user IDs when device IDs were searched. Using a valid universal authentication token, the attackers accessed the “worker-API” and altered device metadata without needing user-level authentication.
Husky.io emphasized the importance of ongoing thorough reviews and penetration testing of public endpoints to detect and neutralize threats early. Despite the challenges, efforts to incentivize supply-side participation and restore network connections are in full swing, ensuring the platform maintains its integrity and continues to deliver tens of thousands of compute hours each month.
In March, Io.net announced plans to integrate Apple silicon chip hardware to enhance its artificial intelligence and machine learning services, further demonstrating its commitment to advancing its technological infrastructure.
The recent tweet on X regarding the live stream, which planned to address the security breach head-on and implement robust improvements, shows that Io.net aims to ensure the continued reliability and security of its infrastructure, reinforcing trust among its users and partners.
