Samsung suggested that “smartphones have the best security for blockchain and cryptocurrency.” The author, Joel Snyder, puts this down to smartphone (and Samsung) Trusted Execution Environments (TEEs). Snyder explained:
The TEE is a separate execution environment with its own memory and persistent storage, completely isolated from the rest of the device.
SMARTPHONES ARE BETTER THAN LAPTOPS
If a wallet runs the right “trustlets” to manage security keys “security is seriously tight,” says Snyder. Laptops don’t run TEEs so it’s argued that versus smartphones, smartphones edge out as a better choice.
The Next Web spoke to a handful of experts. This includes Bitcoin$7078.10 +0.41% developer Jameson Lopp who agrees that TEEs give security benefits, but that attacks can happen elsewhere in the software stack. Lopp says:
Malware can affect other critical components of the wallet operation while creating a transaction, resulting in the funds being send to an attacker’s address.
Lopp would only keep as much cryptocurrency in a single signature smartphone wallet as he’d keep in a conventional cash wallet.
Matthew Green, a Johns Hopkins cryptography professor, also agrees that TEEs are a “good thing” and make “hacker’s jobs more difficult.” But, when an application makes a request to a TEE like “send Bitcoins to a specific person,” the TEE protects the keys. However, sophisticated malware might be able to compromise the application. Green said:
Even obvious countermeasures like requiring a password only help a little, since a particularly sophisticated piece of malware can just wait for you to enter the password in order to make a legitimate transaction.
The quality of TEEs can be an issue, security issues have been identified even in those developed by Qualcomm and Trustzone.
For smartphones, constantly being connected to Wi-Fi networks, also increases risks.
Няма коментари:
Публикуване на коментар