You've probably seen the report by Neha Narula, director of the Digital Coin Initiative at MIT. You've probably seen the Forbes article by Amy Castor.
But you may not have seen:
MIT-DCI's full report of the "vulnerability".
IOTA developer Sergey Ivancheglo's (known as Come-from-Beyond) response to the report.
IOTA founder David Sønstebø's response to the report.
The articles you may not have seen in fact contain important details as to why this "vulnerability" is a non-issue and has actually been around for a while.
The "vulnerability" was in fact first disclosed in a blog post by David Sønstebø. It is surprising that people could read the sentence "One of the cryptographers we reached out to months ago to review Curl has disclosed that he is worried there might be a potential vulnerability in Curl" without any of the media uproar we see now. If anything, this is old news. But the media likes juicy stuff, so Forbes took the MIT-DCI report, released a month after the fact, and wrote about it as if it were new. The article and the report both make several references to the expression "don't roll your own crypto", which at face value seems obvious. Why would you make your own crypto? But if everyone believed that, how would innovation ever happen? In the words of David Sønstebø, "when spearheading technology for a new paradigm this statement is no longer axiomatic. Progress must march on." If no one "rolls their own crypto", cryptography will stay the same.
Analysis of the report itself
According to other statements by Come-from-Beyond, this "vulnerability" was actually intentional: it was put there to stop malicious people from copying IOTA's code, launching a copycat with it, and then scamming people. He had previously done the same with his code in NXT. The key point is that it is not a vulnerability in IOTA but a vulnerability in any copycat. IOTA uses proprietary code to run the "coordinator", which protects the network against attacks. The MIT-DCI report itself mentions that "the coordinator might prevent some problems caused by colliding transactions." This essentially means that the attacks presented in the report could not have worked on IOTA because of the coordinator. Any IOTA copycat, however, is vulnerable to this attack, allowing those with technical experience to exploit it.
Even on an IOTA copycat the vulnerability is small, and the circumstances that allow it to be exploited are rare. In fact, Narula and her team allude to this in their full report when they emphasize "that to produce a signature on a msg2, our attacks require Alice to sign an innocent-looking related message, msg, of our choosing. This is a chosen message attack." Essentially, an attacker would need to convince a victim to sign a message of the attacker's choosing. Currently, this kind of message signing is not possible in the IOTA wallet, only through the APIs, meaning that the victim would have to be an experienced user. No experienced user, however, would be convinced to sign a malicious message; this can be compared to convincing an IT professional to install software from a pop-up ad. The "vulnerability" not only requires another user to be involved, rather than the attacker being able to execute an attack alone, but the likelihood of it even being exploitable is extremely slim and basically a non-issue. The "vulnerability" that MIT and thus Forbes have made a big deal about is therefore not only non-existent on the IOTA network; even on an IOTA copycat the chances of an exploit are slim.
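To make the chosen-message point concrete, here is an added example (not code from this post, from IOTA or from MIT-DCI) of why a collision-prone digest breaks hash-then-sign, and why swapping in a collision-resistant digest (SHA-3/Keccak, which the post notes IOTA adopted under the name Kerl) removes the problem. Everything in it is constructed for illustration: `weak_digest` is a toy that keeps only 16 bits of SHA-256, it is not Curl and says nothing about Curl's internal structure; an HMAC under a random key stands in for Alice's signature so the script runs offline; the message strings and the memo-counter search are the author's assumptions, not anything from the report.

```python
import hashlib
import hmac
import os

# Constructed stand-in for Alice's private key; a real scheme would use an
# asymmetric key pair. Generated fresh on every run.
SIGNING_KEY = os.urandom(32)


def weak_digest(msg: bytes) -> bytes:
    """Constructed toy digest: only 16 bits of SHA-256 are kept.

    This is NOT IOTA's Curl. It merely stands in for any digest in which
    collisions are cheap to find, so the forgery below is easy to show.
    """
    return hashlib.sha256(msg).digest()[:2]


def strong_digest(msg: bytes) -> bytes:
    """Collision-resistant choice: SHA-3-256 (Keccak) from the standard library."""
    return hashlib.sha3_256(msg).digest()


def sign(msg: bytes, digest=weak_digest, key: bytes = SIGNING_KEY) -> bytes:
    """Hash-then-sign. HMAC stands in for a signature scheme so this runs
    offline; the argument is identical for any scheme that signs digest(msg)."""
    return hmac.new(key, digest(msg), hashlib.sha256).digest()


def verify(msg: bytes, sig: bytes, digest=weak_digest, key: bytes = SIGNING_KEY) -> bool:
    """A signature verifies for every message that shares the signed digest."""
    return hmac.compare_digest(sign(msg, digest, key), sig)


def find_innocent_collision(malicious: bytes, digest=weak_digest, max_tries: int = 1 << 20):
    """Chosen-message step: walk harmless-looking variants (a memo counter)
    until one has the same digest as the malicious message, or give up."""
    target = digest(malicious)
    for n in range(max_tries):
        innocent = b"send 1 to Bob, memo=%d" % n  # constructed benign message
        if digest(innocent) == target:
            return innocent
    return None


def demo(digest=weak_digest, max_tries: int = 1 << 20) -> dict:
    """Alice signs only the innocent message; report whether that signature
    also verifies on the malicious one, i.e. whether the forgery works."""
    malicious = b"send 1000000 to Mallory"  # constructed
    innocent = find_innocent_collision(malicious, digest, max_tries)
    if innocent is None:
        return {"collision_found": False, "forged": False, "innocent": None}
    alice_sig = sign(innocent, digest)  # the only thing Alice ever signs
    return {
        "collision_found": True,
        "forged": verify(malicious, alice_sig, digest),
        "innocent": innocent,
    }


if __name__ == "__main__":
    print("toy digest :", demo(weak_digest))
    print("sha3 digest:", demo(strong_digest, max_tries=5000))
```

With the toy digest, `demo(weak_digest)` finds an innocent-looking message whose digest matches the malicious one, so Alice's signature on the innocent message verifies on the malicious one as well; with SHA-3 the same search finds nothing and every signature stays bound to exactly the message that was signed. That is the defensive lesson behind the post's own remarks: the weakness and the fix both live in the digest, not in the signing code around it.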
Analysis of ethics surrounding the reports
When writing the blog post, Narula and her team failed to disclose things that would have affected how people reacted. Aside from the small issue where Narula incorrectly stated that IOTA's bundle size was 10KB rather than 1.6KB (which was not relevant to the paper anyway), there are inaccuracies and misrepresentations throughout the report (and subsequently the Forbes article), as well as unprofessionalism from the MIT-DCI team.
1. Failure to disclose conflicts of interest in the blog post (and thus the Forbes article): only the full report on GitHub lists conflicts of interest that may have led the researchers to write about the vulnerabilities in an exaggerated way. Thaddeus Dryja has developed Bitcoin's Lightning Network, Madars Virza works for the Zcash company, and Ethan Heilman works with DAGlabs (associated with SPECTRE, an IOTA rival) and Commonwealth Crypto. This may have contributed to the report's and article's "mountain out of a molehill" nature.
2. Failure to emphasize that the vulnerability cannot be exploited presently (or even in the past) in the IOTA network: the post and the article fail to sufficiently emphasize that this vulnerability is now fixed, leaving readers uneasy about the current state of the IOTA network. Narula's post briefly mentions that the coordinator would have prevented this vulnerability from ever being exploited on the IOTA network; Amy Castor's article fails to mention this at all.
3. Biased nature of the blog post: Narula's post comments on how it is "worrisome" that IOTA's partners never noticed this "glaring vulnerability" and includes a section called "Trits and trytes and other red flags", which was entirely unnecessary. She comments on the supposed inefficiency and impracticality of IOTA, without maintaining the objective perspective that any responsible, professional researcher should keep.
4. Lack of adequate information and incorrect information in the Forbes article: Castor mentions that "the project has not yet waved good-bye to its previous hash function" and still uses Curl in other places, but fails to mention that the use of Curl in those other places is perfectly safe. Additionally, she is outright incorrect when stating that IOTA has since switched to "a variant of...SHA-3". The SHA-3 algorithm (also known as Keccak) used in IOTA is the same as the standard SHA-3 algorithm. She calls this supposed variant "Kerl", a name the IOTA team chose because of the protocol's combination of Keccak and Curl, but she does not realize that the name is only a nod to IOTA's previous use of Curl, and so misleads readers into believing that IOTA has since built another "homegrown hash function".
5. Lack of professionalism from the MIT-DCI team: for a group associated with such a prestigious university, the researchers are acting surprisingly unprofessionally.
PhD candidate Ethan Heilman seems to enjoy gloating about his discovery:
"while self in hole: self.dig()"
--Ethan ✨ Heilman (@Ethan_Heilman) September 10, 2017
Madars Virza thinks that a GIF from the Muppets was appropriate:
Unclear how to parse https://t.co/qaIVhi1GlW ... Weak hash function is a "copy-protection measure" now? pic.twitter.com/GCcLTKHh72
--Madars Virza (@MadarsV) September 8, 2017
Scholars who want their work to be taken seriously should not act so immaturely.
Overall, the representation of this issue by researchers and media has caused many to overreact to a very small issue. It is important that researchers maintain objectivity and professionalism in their work, and that journalists perform due diligence and proper research before writing an article that could potentially affect a volatile market such as that of cryptocurrency.