Antbleed is a backdoor introduced by Bitmain into the firmware of their bitcoin mining hardware Antminer.
The firmware checks-in with a central service randomly every 1 to 11 minutes. Each check-in transmits the Antminer serial number, MAC address and IP address. Bitmain can use this check-in data to cross check against customer sales and delivery records making it personally identifiable. The remote service can then return "false" which will stop the miner from mining.
Read
http://www.antbleed.com/ for more info
The shutdown backdoor has been independently tested by multiple people.
Edit:
I have analyzed the code and I have determined how this is happening and most likely why it was put there.
First, let's start with the how. The firmware will
spawn a thread which calls the
send_mac function which, as the name implies,
sends data about the machine to the
AUTH_URL auth.minerlink.com. The device then will attempt to
receive data from the server and check if the response is
false. If it is, the function returns true which sets the
stop_mining global variable to be true.
When that variable is true, in the temperature checking thread, it will set the
status_error global variable to true. That will then tell the
work update function to
not send out jobs so it is no longer mining.
Now for the why.
Bitmain previously was going to launch a service called Minerlink. This service never launched, but it was intended get the
"real-time miner status remotely". There is probably a feature that allows you to make sure that the only miners submitting work for you are your miners, hence the need for an auth url. It is also possible that another feature was to allow you to remotely stop a machine from mining if it were misbehaving. This would explain why this code was put there in the first place. However, since minerlink does not exist, this functionality is now a liability and should have been removed long ago.