
Statement Regarding Claimed Vulnerabilities


21 June 2023, Eindhoven.

Over the last few days, the ThingsIX network and the team have been attacked both technically and reputationally.

Last Sunday (18 June 2023) our attack detection algorithm registered a first hit for suspicious behavior by a mapper. Further investigation showed that the mapper was assigned to one of our co-founders, Bas.

When we contacted him, Bas indicated that he had lent his mapper to a third party and had agreed that this third party could (try to) attack the network, as long as the findings were reported to the ThingsIX Foundation according to responsible disclosure. Bas gave this permission in a personal capacity and did not correspond with the board of the ThingsIX Foundation or the rest of the team to get approval.

Immediately after detection, the ThingsIX Foundation requested that Bas make sure the attacks with the mapper assigned to him stopped immediately and that the third party responsibly disclose any vulnerabilities found.

On Monday (19 June 2023) the attack detection algorithm registered another hit on the same mapper. At this stage we immediately blocked the mapper and invalidated any coverage of the accounts involved in this attack.

The third party hasn’t responded to our requests but has publicly suggested on Discord that they found a vulnerability. We have also received numerous messages from other community members about this third party and a related person distributing the same claims and other false accusations.

The ThingsIX Foundation welcomes responsible disclosures. These can be sent to our e-mail address: [email protected]. If disclosures are made irresponsibly, or false accusations are made in relation to ThingsIX or its team members, we will always press charges, inform authorities and hold those involved legally responsible for any damages.

Although Bas stated that he didn’t intend to do harm to the ThingsIX Network, in the current situation and with ongoing investigations, the ThingsIX Foundation has no other option but to suspend him from any activities related to the ThingsIX Network and the ThingsIX Foundation.

As our attack detection algorithm detected the attack, we have full confidence in the future of the ThingsIX Network. Furthermore, the exchange of sensor data on the ThingsIX Network continued to operate without any interruption. The ThingsIX Foundation and the team will continue to develop and improve the ThingsIX Network.

On behalf of the ThingsIX Foundation,
Jochem van Haaren
Tim Cooijmans