Monday, 02 July 2018 14:51

Don't assume blockchain is secure, says McAfee tech chief

McAfee APAC CTO Ian Yip

A lot of people are trying to apply blockchain technology to applications other than cryptocurrency. But are they paying enough attention to security issues?

"Blockchain presents a whole bunch of unknowns" from a security perspective, McAfee APAC chief technology officer Ian Yip told iTWire.

"I don't think you can ever take away the security issues completely."

McAfee recently published a report on the various security risks around blockchain.

While the discussion is mostly in the context of cryptocurrencies, the problems can apply to other applications.

Security issues with an application "don't go away just because you've put it on the blockchain", he warned.

For example, smaller blockchains are vulnerable to majority attacks, where an attacker can bring enough processing power to bear that it can essentially overwrite the blockchain. In some cases, this can be achieved with $500 worth of cloud compute resources, Yip said.

"There's only trust as long as you can trust that the blockchain hasn't been overwritten."

Another problem is FOMO – "there's a lot of hype" and people are trying to apply blockchain without really understanding it. When he asks people why they are using blockchain in a project, the answer is often "we're not sure."

"Some people do it just for airtime," Yip observed. "There doesn't seem to be a 'killer app' for blockchain apart from cryptocurrency".

Application development practices have an impact on the security of any system, including those using blockchain.

"The culture of security has improved" to the point that it is a mainstream consideration, but "it's still humans writing code" so security has to be designed in from the outset.

For example, a smart contract is code, and that code can be exploited independently of the underlying blockchain.

And no matter how secure a blockchain is, it can't protect flawed processes from being exploited.

"Defence in depth [today] is far more complicated than defence in depth five years ago," Yip said. "It takes a lot of knowledge to understand all the moving parts", though there would be even more issues if programming skills and practices hadn't improved.

But attackers "are ever more creative", he warned. In particular, they are able to build on each other's knowledge more easily than the defenders do, because attackers have clearer goals.

"There's always been informal collaboration" within the software industry, but organisations need to work more closely together on common goals, Yip suggested. "There's still room for improvement."




Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.


