Bitcoin wallets on older iphones are insecure

imstillthebest

full member

Activity: 1638

Merit: 122

Quote from: Byakuga on October 08, 2019, 01:32:35 AM

The operating system of iphones are never open source right from day one so it might even be an inside job from the company itself, its better to switch to android phones even if its older android phones they don't have this kind of issue, if you are using iphone for your crypto wallets you should take this very seriously

you mean older android phones are secure ? i have a couple of old android but i tried to reformat them and they can be easily reformatable which means the phone can be used again by a new owner but newer android phones are not like that . newer units are always more secure . iphone including the older ones are more secure than android because they are not easily reformated . the only issue of them is that they arent open source , like what you said .

Byakuga

member

Activity: 518

Merit: 28

The operating system of iphones are never open source right from day one so it might even be an inside job from the company itself, its better to switch to android phones even if its older android phones they don't have this kind of issue, if you are using iphone for your crypto wallets you should take this very seriously

bounceback

sr. member

Activity: 2086

Merit: 283

Vave.com - Crypto Casino

Actually I also don't know much about iPhone (Apple) but I know some iPhone features and I'm sure iPhone is one of the world-famous companies and has designed its features well and can be said to be very safe, and in my opinion our Bitcoin wallet is safe for all types of iPhones, even though you say it's not safe for old iPhones or the latest iPhones, iPhonen also has a feature called Icloud that can lock our privacy data.

DoublerHunter

hero member

Activity: 2590

Merit: 644

Quote from: TanakabZX on October 03, 2019, 03:30:17 AM

Quote from: bbc.reporter on September 28, 2019, 08:16:11 PM

~snip~

Exploits and security breaches can happen on any smart devices that is why crypto hardware wallets are the best option for any security breach like this one, same thing is happening on android devices, i think smartphones that are built with blockchain tech in mind are even better than hardware wallet e.g bitwings mobile that has better security features and 3FA introduction

^ It's not really advisable to use an android phone or smartphone as a bitcoin wallet. Definitely right, as of now, the best wallets are those hardware wallets that contain seed phrases and of course strong password. Here is my conclusion, I think just because the version of it is too old then and the bitcoin wallets, for now, are more up to date so in order for your android phone to be compatible on it. You should need to be able to upgrade on a higher version gadget for you to use all the features smoothly but the best option is never to use a phone as your bitcoin wallet.

TanakabZX

member

Activity: 504

Merit: 16

Quote from: bbc.reporter on September 28, 2019, 08:16:11 PM

The people that go to cryptocoin conferences should be more skeptical if their iphone was lost and then returned to them by a good samaritan hehehe.

In any case, sharing this article here instead of the press subforum for more views. Keep your iphones safe.

Litecoin Foundation’s full-time developer, Loshan T recently stated on Twitter that Bitcoin and Litecoin wallets were no longer safe on iPhones older than and including iPhone X. This was followed by the developer recommending users to upgrade their iPhone devices, considering that several people use smartphone according to Litecoin Foundation’s internal data. Additionally, Loshan explicity stated that updating iOS would not solve the problem as it is “an unpatchable exploit.”

Loshan made the statement in the wake of a Tweet made by Axi0mX. The Twitter handle had stated,

“EPIC JAILBREAK: Introducing checkm8 (read “checkmate”), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).”

Read in full https://ambcrypto.com/litecoin-and-bitcoin-wallets-on-iphones-older-than-and-including-iphone-x-are-insecure-says-ltc-developer/

Exploits and security breaches can happen on any smart devices that is why crypto hardware wallets are the best option for any security breach like this one, same thing is happening on android devices, i think smartphones that are built with blockchain tech in mind are even better than hardware wallet e.g bitwings mobile that has better security features and 3FA introduction

aces777

sr. member

Activity: 686

Merit: 250

There has been some discussions about old Iphone users updating their Iphone devices as it is no longer safe to have bitcoin wallets on old Iphones and that users private keys are at risks. Well, unless you are being targeted, it is mostly unlikely for your phone to get hacked. Just ensure you keep strong pins and passwords and use secure connections, and you are good.

jseverson

hero member

Activity: 1834

Merit: 759

Quote from: Mandoy on September 30, 2019, 05:25:36 AM

Actually there are website that offers services to spy on your phone just by using your phone number or email, the culprit could just pay some subscription to those websites and he can now access all your logs and data on your mobile phones.

Would you mind shedding some light on this service? I've never heard of such a thing, and I imagine it would be a big deal if it actually worked as you described.

Quote from: Mandoy on September 30, 2019, 05:25:36 AM

There is a higher chance for a smart phone to be accessed by somebody compared to a personal computer.

While this is true, it should also be noted that phones could actually be protected against thieves by a strong PIN, and that even biometric security measures aren't trivial to crack (except most Androids' facial recognition, don't use that lol). If you're not being personally targeted (which is incredibly unlikely for us regular folk), keeping a wallet in your phone shouldn't be too much of a security issue. That being said, you shouldn't be keeping large amounts of coins outside cold wallets anyway, regardless of whether it's in your phone or PC.

bbc.reporter

legendary

Activity: 3010

Merit: 1460

Quote from: Sancho18 on September 29, 2019, 11:32:22 PM

Quote from: bbc.reporter on September 29, 2019, 09:42:16 PM

Quote from: gentlemand on September 29, 2019, 11:43:12 AM

It always surprises me how willing people are to place their entire lives on their phones in a way no one would ever have dreamed of a generation ago. Even worse, most phone manufacturers will abandon you security wise after a year or so. There are people running around with truly ancient devices with gaping holes.

It is only business. You are required by the vendor to upgrade your hardware to run the updated software. I reckon the solution would be to create opensource hardware and software devices where the community can continue its maintenance and security updates.

This is a bad business. The planned obsolescence tactics help maintain sales in a saturated market, but I don’t want to change my smartphone every year, simply because the manufacturer is too concerned about its financial performance. This is a serious problem that goes beyond the scope of this topic.

Agreed. However, I speculate that there will be a smart CEO who would take a different direction in the smartphone business that might utilize opensource hardware and software and also modularity of the devices.

It will be the smarter smartphone hehehe.

gentlemand

legendary

Activity: 2590

Merit: 3015

Welt Am Draht

Quote from: Mandoy on September 30, 2019, 05:25:36 AM

I do agree that cryptocurrency wallets installed in smartphones, androids are not safe.

I've genuinely never heard of anyone's - reputable - phone wallet being hacked remotely. I'm sure it's more than possible if it's in someone's physical possession.

The number of hacks regarding Windows PC is too numerous to count. If I had only those two to choose from I'd go for the phone without fail.

Mandoy

sr. member

Activity: 644

Merit: 264

Aurox

I do agree that cryptocurrency wallets installed in smartphones, androids are not safe. It is not exclusive only to Iphones but to all smartphones out there. There is a higher chance for a smart phone to be accessed by somebody compared to a personal computer. Actually there are website that offers services to spy on your phone just by using your phone number or email, the culprit could just pay some subscription to those websites and he can now access all your logs and data on your mobile phones.

Thus I do not recommend using mobile wallets especially for cryptocurrency and other financial related applications that risks your money.

omone1

member

Activity: 845

Merit: 52

I have been using Iphone5 which was a gift, suddenly I can't download a lot of applications because my IOS is outdated and Iphone 5 has no support for a higher grade of software. What I currently do until I get money to buy an android is downloading applications via android emulators on my laptop.

gentlemand

legendary

Activity: 2590

Merit: 3015

Welt Am Draht

Quote from: bbc.reporter on September 29, 2019, 09:42:16 PM

It is only business. You are required by the vendor to upgrade your hardware to run the updated software. I reckon the solution would be to create opensource hardware and software devices where the community can continue its maintenance and security updates.

Most things can clearly run the most modern software several generations after the manufacturer has given up on them.

I can see why they do it but it still leaves a fairly nasty taste. It's not the latest vulva recognition they're depriving you of that counts, it's the fundamentals of security.

With Android at least a lot of is down to the widely disliked and almost always pointless tweaks they personally add. The OS should really come in two modules, fundamental Android that's the same on all phones and can upgrade without manufacturer effort, and the other bit can be their crappy bloat that they're free to abandon.

jseverson

hero member

Activity: 1834

Merit: 759

Quote from: o_e_l_e_o on September 29, 2019, 06:44:00 PM

-snip-

You can't actually break iOS' facial recognition with just photos because it uses 3d recognition. It has been broken with masks, but it's not exactly straightforward.

Quote from: Artemis3 on September 29, 2019, 02:26:40 PM

This is typical Apple support. When a product is only but a few years old, they declare it obsolete and don't bother with updates. They do this with the OSX computers, and of course tablets and smartphones. Kinda like Microsoft, but on a much shorter timespan.

I can tell you right now that Apple doesn't like this exploit at all. It's a jailbreak exploit, something some iOS users actively look for to have more freedom with their devices. It's also worth noting that it hasn't been exploited as of now, and it would be very difficult in practice to use it to steal crypto from someone else -- they would still need to unlock the phone, for one.

Sancho18

sr. member

Activity: 728

Merit: 368

Sancho

Quote from: bbc.reporter on September 29, 2019, 09:42:16 PM

Quote from: gentlemand on September 29, 2019, 11:43:12 AM

It always surprises me how willing people are to place their entire lives on their phones in a way no one would ever have dreamed of a generation ago. Even worse, most phone manufacturers will abandon you security wise after a year or so. There are people running around with truly ancient devices with gaping holes.

It is only business. You are required by the vendor to upgrade your hardware to run the updated software. I reckon the solution would be to create opensource hardware and software devices where the community can continue its maintenance and security updates.

This is a bad business. The planned obsolescence tactics help maintain sales in a saturated market, but I don’t want to change my smartphone every year, simply because the manufacturer is too concerned about its financial performance. This is a serious problem that goes beyond the scope of this topic.

bbc.reporter

legendary

Activity: 3010

Merit: 1460

Quote from: gentlemand on September 29, 2019, 11:43:12 AM

It always surprises me how willing people are to place their entire lives on their phones in a way no one would ever have dreamed of a generation ago. Even worse, most phone manufacturers will abandon you security wise after a year or so. There are people running around with truly ancient devices with gaping holes.

It is only business. You are required by the vendor to upgrade your hardware to run the updated software. I reckon the solution would be to create opensource hardware and software devices where the community can continue its maintenance and security updates.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: gentlemand on September 29, 2019, 05:48:28 PM

Someone twats you over the head with a rock, holds up your face to the camera and bingo - they have access to your finances, photos of your bum, all of your emails and plenty more.

I don't keep up to date with developments in biometrics, because I don't use them, but certainly when they first came out there were many reports of facial recognition or iris scanners on phones being fooled simply by photos of the owner. A quick internet search seems that not much has changed, and even the latest flagship phones are still vulnerable to this.

So you steal a phone, open up the "Emergency Contact" information from the lock screen, get the owner's name as well as the name of a couple of his/her next of kin, use that information to find them on Facebook, and use their photos to unlock their phone. Sounds super safe.

I'll have you know that photos of my bum are a highly sought after commodity. Wink

gentlemand

legendary

Activity: 2590

Merit: 3015

Welt Am Draht

Quote from: o_e_l_e_o on September 29, 2019, 03:15:25 PM

Complete sacrifice of privacy for the slightest convenience. I'm amazed that people are willing to bug their own houses on behalf of the government with Amazon Echoes, Google Homes, and similar devices, so they don't have to push like 4 buttons to turn on some music.

It's the potential for physical access which is just as alarming.

Someone twats you over the head with a rock, holds up your face to the camera and bingo - they have access to your finances, photos of your bum, all of your emails and plenty more.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: YuginKadoya on September 29, 2019, 08:57:23 AM

Well, in my opinion, I guess this can be resolved when your IOS is updated to its latest version

It can't. This exploit affects the bootrom, which is read-only. There is no way to patch it. It would require Apple to recall every device from iPhone 4 through X and perform a hardware upgrade, which is obviously never going to happen.

Quote from: gentlemand on September 29, 2019, 11:43:12 AM

It always surprises me how willing people are to place their entire lives on their phones in a way no one would ever have dreamed of a generation ago.

Complete sacrifice of privacy for the slightest convenience. I'm amazed that people are willing to bug their own houses on behalf of the government with Amazon Echoes, Google Homes, and similar devices, so they don't have to push like 4 buttons to turn on some music.

Quote from: Artemis3 on September 29, 2019, 02:26:40 PM

This is typical Apple support. When a product is only but a few years old, they declare it obsolete and don't bother with updates.

This is true, and Apple are particularly bad at this. Not just stopping updates and leaving old devices vulnerable, but actually deliberately slowing older devices down so users get frustrated and upgrade sooner. It's particularly immoral behavior. Having said that, I don't think this is what's happened here. It would be fairly stupid of Apple to know about this bug and leave it in, since it allows users to bypass their lack of updates and install their own custom software.

Theb

hero member

Activity: 1680

Merit: 655

Misleading headline again and this time they have taken an important piece out of the context of the article. The exploit that was found from this iOS devices are from jailbroken devices only and that is the main issue why crypto wallets aren't safe to use from these kinds of devices. In the first place it's not even right to jailbreak your device and it is one of the owners choice of doing so because just by doing it voids any kind of warranty claims from Apple, Jailbreaking your own iOS device is just exploiting it to unlock some restricted features as well as download paid apps for free. Just by that description you already know that there will be some certain issues that comes with it and there is really no guarantee that your device will still be 100% protected once jailbroken.

Artemis3

legendary

Activity: 2030

Merit: 1569

CLEAN non GPL infringing code made in Rust lang

This is typical Apple support. When a product is only but a few years old, they declare it obsolete and don't bother with updates. They do this with the OSX computers, and of course tablets and smartphones. Kinda like Microsoft, but on a much shorter timespan.

It has nothing to do with bitcoin, just anything you might have in there that needs protection, would be exposed. Unfortunately Android isn't exempt of this, in fact its proprietary environment almost causes it. Every manufacturer adds their custom junk and then forgets it.

Smartphones are for the most part running insecure OSes, only a few old models can run something decent, but most can't.

And yes, this might actually be those companies playing the planned obsolescence thing.

Topic: Bitcoin wallets on older iphones are insecure (Read 596 times)