By Guy Rosefelt, CPO, Sangfor Technologies
NFTs have become very popular with collectors and are more ubiquitous every day. The idea of owning a one-of-a-kind object even in the digital world is very attractive. The idea is not new as buying unique items inside games has been around for decades. But artists and creatives of all types, be it painting and graphics, music, photography, and even video can now create and sell unique works that cannot be replicated.
First, I need to disclose I am not a huge fan of Non-Fungible Tokens (NFTs). Besides security issues, they are being used by criminals for money laundering of cryptocurrency, and I do not see the value in something that will immediately become worthless when the internet apocalypse happens and your NFT wallet is no longer accessible. But that is just me. Until that happens let’s talk about the security issues. Security issues include phishing scams to access crypto-wallets and steal NFTs, and selling counterfeit items, but the issue I want to discuss is using NFTs to distribute malware.
VIA, a company that specializes in solutions for infrastructure and government, reported that they discovered instances of malware being injected into NFTs and demonstrated how easy it is. It makes sense as NFTs are normally media files that have historically been used to inject code or embed malicious software that runs when open. All being an NFT does is verify that it is the only file of its kind using blockchain. But it does nothing to verify the safety of the file. VIA has even created an open-source tool to scan NFTs to look for malicious code or software in the file.
So, the next time you spend thousands of dollars on an NFT, make sure, even if it comes from a reputable vendor, to scan it before opening it and hope there is a return policy if you find something unexpected. Otherwise, your crypto wallet might have a surprise for you once the internet apocalypse ends.
About the Author
Guy Rosefelt, Chief Product Officer, Sangfor Technologies.
Guy is Chief Product Officer for Sangfor Technologies. He has over 20 years experience (though some say it is one year’s experience twenty times) in application and network security, kicking it off with 10 years in the U.S. Air Force, reaching rank of captain. After his time in the USAF building the first fiber to the desktop LAN and other things you would find in Tom Clancy novels, Guy worked at NGAF, SIEM, WAF and CASB startups as well as big-name brands like Imperva and Citrix. He has spoken at numerous conferences around the world and in people’s living rooms, written articles about the coming Internet Apocalypse, and even managed to occasionally lead teams that designed and built security stuff. Guy is thrilled to be in his current position at Sangfor — partly because he was promised there would always be Coke Zero in the breakroom. His favorite cake is German Chocolate.
Guy can be reached online at email@example.com or on Twitter at @otto38dd and at our company website www.sangfor.com.