TPMT Security Report: Manufacturer OS Security Analysis and Suggested Remedies
Prepared By TPMT “The People's Miner Team” Discord: AyOhCrypto, source_code
This is a report submitted to the Helium Foundation MCC (Manufacturing Compliance Committee) by TPMT in June 2022.
While on our way to creating separately dockerized mining applications compatible with HNT miner hardware, in preparation for the lighter load expected on hotspots that no longer follow the chain, we gained access to various miner OSes (via SSH) and also ran the hardware with open-sourced or self-compiled images. In collaboration with COTX, we found a system we couldn’t get into without hardware. This led to this report.
RELEVANT TPMT BACKGROUND: Ay0hCrypto: RF, data, home networks; source_code: Linux dev.
While working on SenseCAP, Nebra, and Syncrobit v2 SDXC card version hardware, we were able to SSH in and gain access to the OS within a matter of minutes. By simply generating an SSH key and adding it to the config.json, most users can access their manufacturer's OS and Docker containers (instructions can be found on YouTube and the web). While COTX (and possibly others) has added protections against this, simply flashing an SD card with Nebra’s open fleet version compatible with such hardware, or with one of several DIY versions, or compiling their own, will give them a working POC- and data-capable firmware image that can be accessed as mentioned above. While this is great for innovation and advancement, it poses a security risk. These same techniques, and the community's desire for improvement, advancement, and innovation, are how TPMT came to where we are today, and we in no way wish to impede this kind of community involvement or innovation. We see this as an opportunity to educate, innovate, and improve the network and community while solving a security issue and providing the framework for better detection of possible gaming.
In consideration of the network, manufacturers, and community developers, we find the security provided by most manufacturers to be lacking. More so, we find the lack of any indication or notification that a user has altered or changed their hotspot’s software to be an easily remedied oversight. This oversight means anyone could pick any brand to cheat with, and the chosen brand would be the suspect, or be considered a co-conspirator or negligent at the least. While using an OS security model such as COTX’s across all brands would only solve part of the problem, or only be a slight roadblock on the way to cheating, it would be the first step in securing the hotspots on the network against malicious actors. For this reason, any solution must have a 3-fold approach, which we will outline in the SUGGESTED REMEDIES. Requiring manufacturers that use removable storage as a boot device to secure the firmware shipped with their miners is a reasonable condition, and it does not prohibit the end-user from reflashing or replacing the SD card should the removable storage or the files become corrupt.
We have not overlooked that the end-user can use various hardware that costs as little as 5-15 USD to circumvent the OS security features; this is addressed in the following sub-section.
In consideration of the above security analysis, with the goal of a more secured network, and keeping in the forefront the advantages of community involvement, contributions, and innovations, TPMT proposes the following 3-fold approach:
1. Require manufacturers who use removable media (SD Card) as boot devices to implement security measures.
2. Enable detection and flagging of firmware alterations or replacements, so that the manufacturers, POCSWG, and community (i.e. crowdspot.io) can monitor these units for suspicious activity.
3. Shared communication, detection techniques, discoveries and knowledge between manufacturers and the chosen body.
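One way the detection and flagging in item 2 could work at the file level, added here as an example and not taken from TPMT or any manufacturer: the shipped files are hashed into a manifest, and the device reports any file that was modified, removed, or added. The file names, the `ssh_keys` field, and the report layout are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large images need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Manufacturer side: record the digest of every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, manifest: dict) -> dict:
    """Device side: compare the current tree with the shipped manifest."""
    current = build_manifest(root)
    report = {
        "modified": sorted(f for f in manifest
                           if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "unexpected": sorted(f for f in current if f not in manifest),
    }
    report["flagged"] = any(report[k] for k in ("modified", "missing", "unexpected"))
    return report


def demo() -> dict:
    """Constructed sample: config.json gains an SSH key after shipping."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config.json").write_text(json.dumps({"ssh_keys": []}))
        (root / "miner.conf").write_text("region=EU868\n")
        manifest = build_manifest(root)
        assert verify(root, manifest)["flagged"] is False  # untouched image
        # Simulated alteration: a key is added and an extra file appears.
        (root / "config.json").write_text(
            json.dumps({"ssh_keys": ["ssh-ed25519 CONSTRUCTED-KEY"]}))
        (root / "extra.sh").write_text("#!/bin/sh\n")
        return verify(root, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest itself has to be protected, for example signed by the manufacturer and checked from storage the user cannot rewrite; otherwise whoever alters the files can regenerate it.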
EXPLANATION OF REMEDIES
1. Suggest manufacturers and integrators use standardized Linux security measures which include Linux native filesystem encryption, boot partition security, and application and configuration (file) verification.
2. By using O.S. detection methods, flagging of altered/replaced operating systems can be achieved. People altering software to improve the network don't end up with days on end of extremely high earnings, or tens or hundreds of witnesses with the exact same RSSI/SNR values. While no one should be punished for choosing what software to run (if legal) on their hotspot, or what software they chose to use to test or create new advancements for the network or part thereof, monitoring of flagged hotspots in no way prohibits or impedes innovation or just tinkering. It does however provide a possible early detection mechanism for possible gaming individuals and groups.
3. By communicating, sharing knowledge, and common detection techniques (not all or sensitive methods) between manufacturers and the chosen supervising body (POCSWG), efforts to catch, deter and stop gaming on the network will become more efficient, organized, and widespread. The manufacturers need not disclose specific detection methods to the community, nor does the POCSWG need to share these methods with manufacturers, but sharing simple techniques that can be combined with already public methods of detection will allow all groups to better detect and stop gaming without compromising any special methods Helium* employs to detect gaming.
While this is in no way a golden bullet, or magical cure-all solution to gaming on a small or institutional level, it is a needed step in the right direction that will enable more future advancements in the Helium network and developments in detection and deterrence towards gamers.
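The signal mentioned in item 2, many witnesses reporting exactly the same RSSI/SNR values, can be checked with simple grouping. The following is an added example, not TPMT's or Helium's detection code; the receipt tuples, hotspot names, and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample receipts: (beacon_id, witness_id, rssi_dbm, snr_db).
RECEIPTS = (
    [("beacon-A", f"hs-{i}", -97, 5.5) for i in range(12)]  # identical values
    + [("beacon-A", "hs-90", -112, -3.2), ("beacon-A", "hs-91", -104, 1.0)]
    + [("beacon-B", f"hs-{i}", -90 - 2 * i, 8.0 - 0.5 * i) for i in range(10)]
    + [("beacon-C", "hs-1", -101, 2.0), ("beacon-C", "hs-2", -101, 2.0)]
)


def flag_identical_signal_clusters(receipts, min_cluster=5, min_share=0.5):
    """Flag beacons where many witnesses report the same (RSSI, SNR) pair.

    Independent receivers at different distances should not agree to the
    decimal, so a large identical cluster is worth a closer look. Small
    coincidences (below min_cluster) are ignored to limit false positives.
    """
    by_beacon = defaultdict(list)
    for beacon, witness, rssi, snr in receipts:
        by_beacon[beacon].append((witness, (rssi, round(snr, 1))))

    findings = []
    for beacon, rows in sorted(by_beacon.items()):
        counts = Counter(pair for _, pair in rows)
        pair, size = counts.most_common(1)[0]   # largest identical cluster
        share = size / len(rows)
        if size >= min_cluster and share >= min_share:
            findings.append({
                "beacon": beacon,
                "rssi": pair[0],
                "snr": pair[1],
                "cluster_size": size,
                "share": round(share, 2),
                "witnesses": sorted(w for w, p in rows if p == pair),
            })
    return findings


if __name__ == "__main__":
    for finding in flag_identical_signal_clusters(RECEIPTS):
        print(finding)
```

A finding here is a reason to monitor the hotspots involved, in line with the report's point that flagging is for observation rather than punishment.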