Io.net, a decentralized physical infrastructure network (DePIN), recently faced a significant cybersecurity challenge. This incident involved a SQL injection attack facilitated by exposed user ID tokens, leading to unauthorized alterations in device metadata across its extensive GPU network.
The breach occurred when attackers exploited vulnerabilities in the system’s SQL handling to inject malicious queries. This manipulation affected the metadata of various devices within the GPU network but did not compromise the hardware thanks to the network’s robust security layers.
The anomaly was detected due to an unusual surge in write operations to the GPU metadata API, triggering security alerts at 1:05 AM PST on April 25. Husky.io, the Chief Security Officer at Io.net, responded by implementing SQL injection checks on all relevant APIs and enhancing the logging processes for unauthorized access attempts.
Security Enhancements and Challenges
In a rapid response to the breach, Io.net upgraded its security measures, including the deployment of a user-specific authentication solution integrating Auth0 with OKTA. This was aimed at closing the loopholes associated with universal authorization tokens.
However, these security upgrades coincided with a snapshot of the network’s rewards program, which led to a temporary reduction in supply-side participation. Devices that did not restart and update their configurations were unable to connect to the uptime API, resulting in a drastic drop in active GPU connections from 600,000 to just 10,000.
To mitigate the impact of the breach and to boost supply-side engagement, Io.net launched Ignition Rewards Season 2 in May. This initiative, along with ongoing collaborations with suppliers to update and reconnect devices, aims to stabilize the network’s infrastructure.
Origin of the Breach
The breach was traced back to recent enhancements intended to introduce a proof-of-work mechanism for identifying counterfeit GPUs. Unfortunately, these changes inadvertently increased the network’s vulnerability to SQL injection attacks. Prior security patches, although aggressive, were not sufficient to prevent the escalation in attack methods.
Further investigation revealed that an API used to display content in the input/output explorer had unintentionally exposed user IDs when device IDs were queried. Malicious actors compiled this information into a database, which they exploited using a universally valid authentication token to alter device metadata through the “worker-API.”
Ongoing Security Measures
In response to the incident, Husky.io has emphasized the importance of continuous security reviews and penetration testing, especially on public endpoints, to promptly identify and mitigate threats. This proactive approach aims to maintain network integrity and ensure the safe provision of compute resources.
Amid these challenges, Io.net is also progressing with its strategic plans, including the integration of Apple silicon chip hardware in March to enhance its capabilities in artificial intelligence and machine learning services.
While the breach posed significant challenges, Io.net’s prompt and effective response highlights its commitment to security and reliability. The ongoing efforts to fortify the network and incentivize participation are crucial steps towards recovering full operational capacity and continuing to serve its users effectively.
Featured image credit: Rubaitul Azad via Unsplash