Crazy how fast technology moves and advances in our world. The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited?
There is a reason behind this for sure maybe its an inside job that led to this incident anyone can simply backdoor their own system and get money from the exploit itself or by fixing what they did.Apples technology is not developing that much phones from phones they are just simply changing the phones name and slight camera upgrade but in tersm of security nono
Topic: Bitcoin wallets on older iphones are insecure - page 2. (Read 596 times)
Isn't this a marketing strategy to sell more new version of Iphones? It was stated that it is in danger only if the attacker has physical contact to the phone yes? So why do we have to worry about such thing? And who is a sane person that will save a huge sum of BTC on their mobile phone that have a tendency to be lost or crack? Personaly, I never use my mobile phone as a cryptocurrency wallet except installing 2fa.
Every phone, older and the last issued could be vulnerable to different threats. Don't expect that manufacturers will protect, it's up to you and you only have to protect your phone and your data.
Also, it's not very wise to keep important personal and financial data on your phone because absolute security and safety can't be guaranteed.
Also, it's not very wise to keep important personal and financial data on your phone because absolute security and safety can't be guaranteed.
Here is an interview with the developer of this exploit, which contains a lot of good information: https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer/
Essentially, the attacker must have physical access to the device, can't access any data that is stored behind the Secure Enclave PIN, and any code that is injected doesn't persist through restarts. It is a very specific exploit. If you have an iPhone 6 or later, and are using proper security measures, then an attacker can't access your data unless you unlock the phone for them, and if you reboot your phone into iOS any malware or malicious code that has been injected will no longer run. For those reasons, I don't really see this as a valid attack on cryptocurrency wallets. In addition, any good mobile wallet should have its own PIN or password which will encrypt its contents.
That's not to say mobile wallets are otherwise safe. I would only advocate storing small amounts of day to day spending money on a mobile wallet.
That would require some high level of specific scenario to occur for the wallet to be exploited. As you said, it cannot be considered truly an exploit on wallets.Essentially, the attacker must have physical access to the device, can't access any data that is stored behind the Secure Enclave PIN, and any code that is injected doesn't persist through restarts. It is a very specific exploit. If you have an iPhone 6 or later, and are using proper security measures, then an attacker can't access your data unless you unlock the phone for them, and if you reboot your phone into iOS any malware or malicious code that has been injected will no longer run. For those reasons, I don't really see this as a valid attack on cryptocurrency wallets. In addition, any good mobile wallet should have its own PIN or password which will encrypt its contents.
That's not to say mobile wallets are otherwise safe. I would only advocate storing small amounts of day to day spending money on a mobile wallet.
Though measures should be taken so that the hackers don't target this attack on anybody, it certainly cannot be considered as a way of targeting crypto wallets.
It always surprises me how willing people are to place their entire lives on their phones in a way no one would ever have dreamed of a generation ago. Even worse, most phone manufacturers will abandon you security wise after a year or so. There are people running around with truly ancient devices with gaping holes.
Crazy how fast technology moves and advances in our world. The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited? That's crazy.
Absolutely! and not only iPhone users but also other brands because mobile wallet isn't that safe like desktop wallet that you can only secure in your house\home.
You are right on the spot bro. Mobile phone wallets can be made by anyone, and there's no guarantee that they are secure or that they don't even have your private Keys. As soon as you deposit some cryptocurrency, since they have your private keys, they could steal everything. You never know who is behind these apps, unless it is a popular one like coinbase... Most of them could be scams. It's better to protect your cryptocurrency, to keep in your own hands, done trusting random apps.
There are so many Andriod and iOS wallet apps coming every day in apple store and playstore. We never know if these apps can steal your money and run away anytime. Always store your funds in a wallet in which you have full control over its private Key.
Crazy how fast technology moves and advances in our world. The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited? That's crazy.
Absolutely! and not only iPhone users but also other brands because mobile wallet isn't that safe like desktop wallet that you can only secure in your house\home.
What do you mean by SAFE here ?
You people mean to say that if the iPhone / or any other phone is hacked, then anyone can get hold of our coins ?
OR
The current iPhone users using different wallets like bread wallet are at risk
Crazy how fast technology moves and advances in our world. The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited? That's crazy.
Absolutely! and not only iPhone users but also other brands because mobile wallet isn't that safe like desktop wallet that you can only secure in your house\home.
You are right on the spot bro. Mobile phone wallets can be made by anyone, and there's no guarantee that they are secure or that they don't even have your private Keys. As soon as you deposit some cryptocurrency, since they have your private keys, they could steal everything. You never know who is behind these apps, unless it is a popular one like coinbase... Most of them could be scams. It's better to protect your cryptocurrency, to keep in your own hands, done trusting random apps.
Crazy how fast technology moves and advances in our world. The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited? That's crazy.
Absolutely! and not only iPhone users but also other brands because mobile wallet isn't that safe like desktop wallet that you can only secure in your house\home.
Well, first of all, I am not using iPhone but I am familiar with issue's that wallet on the iPhone are not really secure for the older version of IOS I guess this is a kind of problem for some users that have certain cryptocurrency stored in their iPhone, And I am an Android User and not like iPhone's that needs to be jailbreak to get certain free applications I really like to use Smartphone because of its user friendly features,
Well, in my opinion, I guess this can be resolved when your IOS is updated to its latest version, but certainly, how about the old version of iPhones that don't have options in updating their IOS.
I was under the impression that the newest version has the bug where you can bypass the pin and face ID, last I have read this hasn't been patched out yet and is expected in the next release. Well, in my opinion, I guess this can be resolved when your IOS is updated to its latest version, but certainly, how about the old version of iPhones that don't have options in updating their IOS.
Nowadays, the technology is really unpredictable. Hackers around the world are spreading so fast so you need to be mindful about your accounts and gadgets. Especially when you're using an iPhone. In 5 years, iPhone should provide the best security they should create to improve quality in keeping BTC wallets or other coins.
Although it isn't easy to do instantly, they should take care of the security of IPhone users little by little.
Always look for your iPhone to prevent Bitcoin loss.
Although it isn't easy to do instantly, they should take care of the security of IPhone users little by little.
Always look for your iPhone to prevent Bitcoin loss.
Well, first of all, I am not using iPhone but I am familiar with issue's that wallet on the iPhone are not really secure for the older version of IOS I guess this is a kind of problem for some users that have certain cryptocurrency stored in their iPhone, And I am an Android User and not like iPhone's that needs to be jailbreak to get certain free applications I really like to use Smartphone because of its user friendly features,
Well, in my opinion, I guess this can be resolved when your IOS is updated to its latest version, but certainly, how about the old version of iPhones that don't have options in updating their IOS.
Well, in my opinion, I guess this can be resolved when your IOS is updated to its latest version, but certainly, how about the old version of iPhones that don't have options in updating their IOS.
Here is an interview with the developer of this exploit, which contains a lot of good information: https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer/
Essentially, the attacker must have physical access to the device, can't access any data that is stored behind the Secure Enclave PIN, and any code that is injected doesn't persist through restarts. It is a very specific exploit. If you have an iPhone 6 or later, and are using proper security measures, then an attacker can't access your data unless you unlock the phone for them, and if you reboot your phone into iOS any malware or malicious code that has been injected will no longer run. For those reasons, I don't really see this as a valid attack on cryptocurrency wallets. In addition, any good mobile wallet should have its own PIN or password which will encrypt its contents.
That's not to say mobile wallets are otherwise safe. I would only advocate storing small amounts of day to day spending money on a mobile wallet.
I suggest a more secure storage style mobile phone as well if it's anything over pocket change. This means a phone that never installs anything except the initial wallet install (which I'd prefer to be sideloaded electrum that's been verified) and only touches the internet via your own mobile hotspot (or you could have separate cell service for it I guess) to send small amounts to your main mobile wallets. Essentially, the attacker must have physical access to the device, can't access any data that is stored behind the Secure Enclave PIN, and any code that is injected doesn't persist through restarts. It is a very specific exploit. If you have an iPhone 6 or later, and are using proper security measures, then an attacker can't access your data unless you unlock the phone for them, and if you reboot your phone into iOS any malware or malicious code that has been injected will no longer run. For those reasons, I don't really see this as a valid attack on cryptocurrency wallets. In addition, any good mobile wallet should have its own PIN or password which will encrypt its contents.
That's not to say mobile wallets are otherwise safe. I would only advocate storing small amounts of day to day spending money on a mobile wallet.
Now that I think of it, this was my practice years ago before hardware wallet support on phones and could be outdated by things like the Bluetooth ledger.
User should be aware of their devices. And don't share their device to others. And not use their lost and found device util they are sure about it. A clean install of the firmware may solve any issues.
I too in the past have done something like inserting a shadow miner inside PC of unsuspecting colleagues to mine for me. But stopped doing it as the profit was not enough to sell my ethics.
I too in the past have done something like inserting a shadow miner inside PC of unsuspecting colleagues to mine for me. But stopped doing it as the profit was not enough to sell my ethics.
thanks for the information.
one might argue that people shouldn't be keeping their coins inside their phones in first place. it would be like carrying around bags of cash (your lifesavings) around with you wherever you go! there is a place for storage and there is such thing as pocket money. the phone wallets are for the later.
one might argue that people shouldn't be keeping their coins inside their phones in first place. it would be like carrying around bags of cash (your lifesavings) around with you wherever you go! there is a place for storage and there is such thing as pocket money. the phone wallets are for the later.
Hell yeah, so just for the sake of having a mobile wallet, you need to spend more than $1000 for a new iPhone? Sounds like a legit deal. Why not ask for a patch, or if the problem is the hardware, request Apple to give an "upgrade" of those old versions? That being said, it's not like this exploit will put every wallet at risk.
If you don't give your phone to random people so they can exploit the weakness then you don't have to. Btw, we don't talk about Android here. It was not mentioned except once in the article.
Those who are holding crypto currencies in old iPhone and old anriod wallets they should change their mobiles immediately in order to protect their money
If you don't give your phone to random people so they can exploit the weakness then you don't have to. Btw, we don't talk about Android here. It was not mentioned except once in the article.
Since before, It is hard to used mobile wallet because it is easy for it to exploit by hackers. That is why I always suggest to have more security on the phone. Having a 2 form factor authentication is also start of our phone security. Also doing a system update also helps. Downloading antivirus apps also helps. But if the issue is hardware the only solution that we have is buying a new IOS/Android phone with has a new OS.
This news reminded me of a case where one user reports how he and some other users lost a significant amount of BTC on blockchain.info/com, and they all have something in common : In most cases we were using Apple environment (mainly newest iPhones and official blockchain app).. The specific case may not be related to exploit posted in OP, but it is a good warning to all Apple users to be very careful when using crypto on this OS.
What is even greater problem is that this exploit is “an unpatchable exploit.”, so it would be wise not to buy a new iPhone and wait for some new exploits.
What is even greater problem is that this exploit is “an unpatchable exploit.”, so it would be wise not to buy a new iPhone and wait for some new exploits.
Do you mean that according to Loshan and all iPhone device units are no longer advisable to use in case the user downloads Bitcoin or litecoin apps for wallet use?
Mobile wallets were never that safe. They should only be used for small amounts of crypto. Your main holdings should be on a hardware wallet, airgapped machine, or other cold storage.that is what happens when you are using closed source software (that is iPhones operating system that is mostly closed source), the company (specially when it is located in US) always injects backdoors in their software intentionally and also like always backdoors will exist unintentionally and won't be caught for long times and will be exploited a lot.
This is all true, but this particular exploit is targeted at the hardware, rather than the software, hence the reason it is unpatchable.The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited? That's crazy.
Technically, the exploit has been there since day 1, it just wasn't known about. And you shouldn't be placing your trust in any device just because it is "flagship". Nothing is completely secure, regardless of how well it is marketed.
Those who are holding crypto currencies in old iPhone and old anriod wallets they should change their mobiles immediately in order to protect their money
Jump to: