smart - All Articles - CISO Platform
2024-03-29T15:23:33Z
https://www.cisoplatform.com/profiles/blogs/feed/tag/smart

You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Contracts
https://www.cisoplatform.com/profiles/blogs/you-may-have-paid-more-than-you-imagine-replay-attacks-on
2018-09-24T06:30:00.000Z
2018-09-24T06:30:00.000Z
Amit, CISO Platform
https://www.cisoplatform.com/members/AmitCISOPlatform
<div><p><span>In this paper, a new replay attack based on Ethereum smart contracts is presented. In token transfers, the risk of a replay attack cannot be completely avoided when the sender's signatures are abused, which can cause losses for users. The reason is that the scope in which the signatures apply is not properly designed in the smart contracts. To test and verify this loophole, we selected two similar smart contracts for our experiment and used our own accounts in these two contracts to carry it out. Because the same signatures were used for the two contracts in the experiment, we successfully got a double income from the sender.</span></p><p></p><p><span>The experiment verified that the replay attack really exists. Besides, the replay attack may exist in multiple smart contracts. We calculated the number of smart contracts with this loophole, as well as the corresponding transaction activity, and found that some Ethereum smart contracts are at risk from this loophole. According to the vulnerability of the contract signature, the risk level is calibrated and depicted. Furthermore, the replay attack pattern is extended to within-contract, cross-contract and cross-chain cases, which provides a pertinent and good reference for protection.
Finally, countermeasures are proposed to fix this vulnerability.</span></p><p></p><p><strong>Speakers:</strong></p><p></p><ul><li><span>Zhenxuan Bai, Freelance Security Researcher</span></li><li><span>Yuwei Zheng, Senior Security Researcher, Unicorn Team, 360 Technology</span></li><li><span>Senhua Wang, Freelance Security Researcher</span></li><li><span>Kunzhe Chai, Leader of Pegasus Team at 360 Radio Security Research Department, 360 Technology</span></li></ul><p></p><p></p><p><span><strong>Zhenxuan Bai</strong><br /> Zhenxuan Bai is a freelance Security Researcher interested in smart contracts and blockchain, and a consultant of UnicornTeam. He is a co-researcher on the BlackBerry decryption project, which managed to decrypt BlackBerry BBM, PIN messages and BIS secure mail without keys.<br /> <br /> <strong>Yuwei Zheng</strong><br /> Yuwei Zheng is a senior security researcher at the Radio Security Department of 360 Technology and a core member of UnicornTeam. He cracked the protocols of BlackBerry BBM, PIN message and BIS secure mail, and successfully decrypted the messages without keys. He is currently focusing on security research into cellular networks, IoT systems and mobile baseband. He has presented his research at top-level security conferences like BlackHat, DEF CON, HITB, etc.<br /> <br /> <strong>Senhua Wang</strong><br /> Senhua Wang is a freelance Security Researcher interested in smart contracts and blockchain, and a consultant of UnicornTeam.<br /> <br /> <strong>Kunzhe Chai</strong><br /> Leader of PegasusTeam at 360 Radio Security Research Department in 360 Technology. He focuses on wireless security, including attack-defense research. He is the person in charge of the attack and defense technology of the Skyscan Wireless Intrusion and Prevention System, and one of the authors of the well-known wireless security tool MDK4.
He leads his team in sharing its research results at HITB, HITCON, Blackhat, China ISC, etc.<br /> <br /> Twitter: @swe3per</span></p><p></p><p><strong>Detailed Presentation:</strong></p><div style="margin-bottom:5px;"><strong><a href="//www.slideshare.net/cisoplatform7/you-may-have-paid-more-than-you-imagine-replay-attacks-on-ethereum-smart-contracts" title="You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Contracts" target="_blank">You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Contracts</a></strong> from <strong><a href="https://www.slideshare.net/cisoplatform7" target="_blank">Priyanka Aash</a></strong></div><div style="margin-bottom:5px;"><strong>(Source: DEF CON 26)</strong></div></div>

Building Smart Cities of the Future Takes a Team of Experts
https://www.cisoplatform.com/profiles/blogs/building-smart-cities-of-the-future-takes-a-team-of-experts
2021-02-18T23:02:15.000Z
2021-02-18T23:02:15.000Z
Matthew Rosenquist
https://www.cisoplatform.com/members/MatthewRosenquist
<div><p>Today I am honored to join the World Smart Cities Economic Development Commission Advisory Board of the <a href="https://www.wbaforum.org/" target="_blank">World Business Angels Investment Forum</a> (WBAF), a partner of the G20 Global Partnership for Financial Inclusion
(GPFI), to support job growth, digital inclusion, and social justice worldwide.</p><p>I am joining the team that will help guide the investment and development of safe and beneficial smart cities across the globe. These communities will showcase the great economic, societal, and personal benefits of digital technology. Smart Cities will become important hubs where digital technology improves the daily lives of their citizens, fuels economic growth, and reduces city overhead administration costs.</p><p>This value will attract cyber threats seeking to disrupt services, commit online crime, and harvest sensitive data. Cybersecurity must roll out with the great innovations of smart cities to grow in a secure, private, and safe manner for the benefit of everyone. Trust is the backbone of longevity for successful digital adoption.</p><p>The investment and development of smart cities will accelerate the benefits of digital transformation to communities around the globe. The economic, societal, and personal benefits will thrive if progress is well planned and risks are properly mitigated.</p><p>I am excited to be part of the team, as a cybersecurity expert on the Advisory Board, to help build secure, private, and safe smart cities of the future.</p></div>