Security Market Segment LS
Monday, 02 July 2018 14:51

Don't assume blockchain is secure, says McAfee tech chief

McAfee APAC CTO Ian Yip McAfee APAC CTO Ian Yip

A lot of people are trying to apply blockchain technology to applications other than cryptocurrency. But are they paying enough attention to security issues?

"Blockchain presents a whole bunch of unknowns" from a security perspective, McAfee APAC chief technology officer Ian Yip told iTWire.

"I don't think you can ever take away the security issues completely."

McAfee recently published a report on the various security risks around blockchain.

While the discussion is mostly in the context of cryptocurrencies, the problems can apply to other applications.

Security issues with an application "don't go away just because you've put it on the blockchain", he warned.

For example, smaller blockchains are vulnerable to majority attacks, where an attacker can bring enough processing power to bear that it can essentially overwrite the blockchain. In some cases, this can be achieved with $500 worth of cloud compute resources, Yip said.

"There's only trust as long as you can trust that the blockchain hasn't been overwritten."

Another problem is FOMO – "there's a lot of hype" and people are trying to apply blockchain without really understanding it. When he asks people why they are using blockchain in a project, the answer is often "we're not sure."

"Some people do it just for airtime," Yip observed. "There doesn't seem to be a 'killer app' for blockchain apart from cryptocurrency".

Application development practices have an impact on the security of any system, including those using blockchain.

"The culture of security has improved" to the point that it is a mainstream consideration, but "it's still humans writing code" so security has to be designed in from the outset.

For example, a smart contract is code, and that code can be exploited independently of the underlying blockchain.

And it doesn't matter how secure a blockchain is, it can't protect flawed processes from being exploited.

"Defence in depth [today] is far more complicated than defence in depth five years ago," Yip said. "It takes a lot of knowledge to understand all the moving parts", though there would be even more issues if programming skills and practices hadn't improved.

But attackers "are ever more creative", he warned. In particular, they are able to build on each others' knowledge more easily than the defenders to, because attackers have clearer goals.

"There's always been informal collaboration" within the software industry, but organisations need to work more closely together on common goals, Yip suggested. "There's still room for improvement."


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments