Closed pilotdeveloper closed 3 years ago
@pilotdeveloper Thank you for your application. Anti-gaming is definitely an area of interest to the DeWi grants program. The grant committee looks forward to receiving the details and severity of the potential vulnerability when you share it with grants@dewi.org.
A few points of feedback from my perspective to assist the committee in reviewing this application:
To answer some of your questions:
I was simply explaining what the grant funds would be used for - I do have multiple hotspots available and if grant funds were approved, that would obviously compensate for lost revenue from the deployed units. (see #3).
I wasn't joking - I would be spending hours of my time to research and validate these initial suspicions. If things worked out, I would use my LLC to accept the grant money and subsequently pay myself (and any additional assignees) for the time spent researching and validating. What I do from there with the funds would likely be taking her on a vacation after delivery considering I'd be taking away hours of my time with her (I do have a day job!). Nonetheless - the next grant proposal (see #5) will be 100% strictly business.
The method I'm considering would involve editing configurations on the devices themselves which of course runs the risk of messing up the device temporarily. In retrospect, I do suppose a fresh install of the SD card would undo any changes, so effectively - you're correct. It would be unlikely that I'd permanently destroy or disable the device. The additional method to circumvent this would be to use fancy routing techniques with the help of Azure.
3b. Given that you're correct - this can be easily resolved with a quick dd to a new SD card if things go south, I'll update the requested amount to $2000 to cover my time and efforts.
https://gm.com https://chevrolet.com
-- Additional information can be found on my site: https://ajkelly.net
Also, to demonstrate that I do have knowledge of how this method could potentially work, I can share - https://virtualprivatepi.com. While I have not (and would never) use the method I'm discussing, I do believe it can be done and want to spend time to test it.
Additional note about virtualprivatepi.com - I am actively turning away customers who ask about gaming (because they are reaching out). I'm also tracking IPs to ensure they don't come back and buy despite being turned down.
I've also updated the initial proposal to make it much more business. :)
Thanks for the updates and additional information. Unfortunately, using a VPN is already a known way to bypass the POC checks that limit beacon frequency. There is quite a bit of discussion on this in the Helium Discord poc channel. A solution to this would be well received. However, no funding is needed to confirm that it is an issue. If you have a specific solution to solving it, that might be supportable. That said, as you noted, your time might be better spent on your other ideas.
It should be made clear that I'm not talking about using a VPN to bypass the POC checks. That's not the intent of the service at all, and that's not how it's being used. The part I'm specifically talking about is the invalid configurations that one can push to use unlimited hotspots off a single VPN connection potentially.
At least with using a VPN, a person still has a significant amount of risk (paying for monthly services), and it could backfire. The solution I'm discussing may potentially allow them to run multiple devices on the same VPN (or even home connection without a VPN) by using routing and configs.
Interesting. I'd be happy to discuss more if you think there is something there. Feel free to find me on Discord if you don't want to share in public here. I still can't imagine how this would work. The POC limiting is based on the source IP that the hotspot is communicating on as observed by other hotspots on the network. Spoofing the source IP is non-trivial and would be more of a security hole in the access router, no?
Thanks again for your interest in the DeWi Grant Program. As a follow-up to the previous comments about pursuing other potential ideas, I recommend closing this application until you are ready to submit a new application. If you wish to continue to pursue the potential POC issue, there may be other options available such as filing an issue in the Helium open source projects on GitHub or Helium's bug bounty program through HackerOne.
Project:
Routing
Elevator Pitch:
Through running my virtualprivatepi.com service, I believe I've found a vulnerability that allows a person to circumvent the one hotspot per network measures. This project would design a way to prevent this from happening.
Total fiat/hnt ask:
$2000 to cover the time to research and investigate.
Name and Address: Will provide via email.
Please provide your legal name and a link to the submitted issue to grants@dewi.org. This will streamline the contract process and KYC. A lack of this information will delay the contract.
Team or Project website: (optional)
Team or projects social: (optional)
Code Repos of team or key applicants:
Myself - a senior software engineering manager who's working on his Master's of Computer Science in his free time.
Project Details: I will spend time to research a potential vulnerability in the project that would allow for a person to host an unlimited number of hotspots off of a single connection.
The deliverables from this will be a report that shows if the vulnerability is in fact an issue along with proposals as to how it can be fixed.
Roadmap:
Due to the nature of this grant request, all specific information will be sent via email to the DeWi Alliance. It's critical to note that this is not a confirmed exploit and that at this time, I'm only 60% certain this exploit will work. The grant will fund the cost of the hardware, the time, and the effort it will take to validate the exploit and come up with solutions to resolve it.