Bitcoin wallets on older iphones are insecure

imstillthebest

full member

Activity: 1638

Merit: 122

Quote from: Byakuga on October 08, 2019, 01:32:35 AM

The operating system of iphones are never open source right from day one so it might even be an inside job from the company itself, its better to switch to android phones even if its older android phones they don't have this kind of issue, if you are using iphone for your crypto wallets you should take this very seriously

you mean older android phones are secure ? i have a couple of old android but i tried to reformat them and they can be easily reformatable which means the phone can be used again by a new owner but newer android phones are not like that . newer units are always more secure . iphone including the older ones are more secure than android because they are not easily reformated . the only issue of them is that they arent open source , like what you said .

Byakuga

member

Activity: 518

Merit: 28

The operating system of iphones are never open source right from day one so it might even be an inside job from the company itself, its better to switch to android phones even if its older android phones they don't have this kind of issue, if you are using iphone for your crypto wallets you should take this very seriously

bounceback

sr. member

Activity: 2086

Merit: 283

Vave.com - Crypto Casino

Actually I also don't know much about iPhone (Apple) but I know some iPhone features and I'm sure iPhone is one of the world-famous companies and has designed its features well and can be said to be very safe, and in my opinion our Bitcoin wallet is safe for all types of iPhones, even though you say it's not safe for old iPhones or the latest iPhones, iPhonen also has a feature called Icloud that can lock our privacy data.

DoublerHunter

hero member

Activity: 2590

Merit: 644

Quote from: TanakabZX on October 03, 2019, 03:30:17 AM

Quote from: bbc.reporter on September 28, 2019, 08:16:11 PM

~snip~

Exploits and security breaches can happen on any smart devices that is why crypto hardware wallets are the best option for any security breach like this one, same thing is happening on android devices, i think smartphones that are built with blockchain tech in mind are even better than hardware wallet e.g bitwings mobile that has better security features and 3FA introduction

^ It's not really advisable to use an android phone or smartphone as a bitcoin wallet. Definitely right, as of now, the best wallets are those hardware wallets that contain seed phrases and of course strong password. Here is my conclusion, I think just because the version of it is too old then and the bitcoin wallets, for now, are more up to date so in order for your android phone to be compatible on it. You should need to be able to upgrade on a higher version gadget for you to use all the features smoothly but the best option is never to use a phone as your bitcoin wallet.

TanakabZX

member

Activity: 504

Merit: 16

Quote from: bbc.reporter on September 28, 2019, 08:16:11 PM

The people that go to cryptocoin conferences should be more skeptical if their iphone was lost and then returned to them by a good samaritan hehehe.

In any case, sharing this article here instead of the press subforum for more views. Keep your iphones safe.

Litecoin Foundation’s full-time developer, Loshan T recently stated on Twitter that Bitcoin and Litecoin wallets were no longer safe on iPhones older than and including iPhone X. This was followed by the developer recommending users to upgrade their iPhone devices, considering that several people use smartphone according to Litecoin Foundation’s internal data. Additionally, Loshan explicity stated that updating iOS would not solve the problem as it is “an unpatchable exploit.”

Loshan made the statement in the wake of a Tweet made by Axi0mX. The Twitter handle had stated,

“EPIC JAILBREAK: Introducing checkm8 (read “checkmate”), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).”

Read in full https://ambcrypto.com/litecoin-and-bitcoin-wallets-on-iphones-older-than-and-including-iphone-x-are-insecure-says-ltc-developer/

Exploits and security breaches can happen on any smart devices that is why crypto hardware wallets are the best option for any security breach like this one, same thing is happening on android devices, i think smartphones that are built with blockchain tech in mind are even better than hardware wallet e.g bitwings mobile that has better security features and 3FA introduction

aces777

sr. member

Activity: 686

Merit: 250

There has been some discussions about old Iphone users updating their Iphone devices as it is no longer safe to have bitcoin wallets on old Iphones and that users private keys are at risks. Well, unless you are being targeted, it is mostly unlikely for your phone to get hacked. Just ensure you keep strong pins and passwords and use secure connections, and you are good.

jseverson

hero member

Activity: 1834

Merit: 759

Quote from: Mandoy on September 30, 2019, 05:25:36 AM

Actually there are website that offers services to spy on your phone just by using your phone number or email, the culprit could just pay some subscription to those websites and he can now access all your logs and data on your mobile phones.

Would you mind shedding some light on this service? I've never heard of such a thing, and I imagine it would be a big deal if it actually worked as you described.

Quote from: Mandoy on September 30, 2019, 05:25:36 AM

There is a higher chance for a smart phone to be accessed by somebody compared to a personal computer.

While this is true, it should also be noted that phones could actually be protected against thieves by a strong PIN, and that even biometric security measures aren't trivial to crack (except most Androids' facial recognition, don't use that lol). If you're not being personally targeted (which is incredibly unlikely for us regular folk), keeping a wallet in your phone shouldn't be too much of a security issue. That being said, you shouldn't be keeping large amounts of coins outside cold wallets anyway, regardless of whether it's in your phone or PC.

bbc.reporter

legendary

Activity: 3192

Merit: 1509

Quote from: Sancho18 on September 29, 2019, 11:32:22 PM

Quote from: bbc.reporter on September 29, 2019, 09:42:16 PM

Quote from: gentlemand on September 29, 2019, 11:43:12 AM

It always surprises me how willing people are to place their entire lives on their phones in a way no one would ever have dreamed of a generation ago. Even worse, most phone manufacturers will abandon you security wise after a year or so. There are people running around with truly ancient devices with gaping holes.

It is only business. You are required by the vendor to upgrade your hardware to run the updated software. I reckon the solution would be to create opensource hardware and software devices where the community can continue its maintenance and security updates.

This is a bad business. The planned obsolescence tactics help maintain sales in a saturated market, but I don’t want to change my smartphone every year, simply because the manufacturer is too concerned about its financial performance. This is a serious problem that goes beyond the scope of this topic.

Agreed. However, I speculate that there will be a smart CEO who would take a different direction in the smartphone business that might utilize opensource hardware and software and also modularity of the devices.

It will be the smarter smartphone hehehe.

gentlemand

legendary

Activity: 2604

Merit: 3056

Welt Am Draht

Quote from: Mandoy on September 30, 2019, 05:25:36 AM

I do agree that cryptocurrency wallets installed in smartphones, androids are not safe.

I've genuinely never heard of anyone's - reputable - phone wallet being hacked remotely. I'm sure it's more than possible if it's in someone's physical possession.

The number of hacks regarding Windows PC is too numerous to count. If I had only those two to choose from I'd go for the phone without fail.

Mandoy

sr. member

Activity: 644

Merit: 264

Aurox

I do agree that cryptocurrency wallets installed in smartphones, androids are not safe. It is not exclusive only to Iphones but to all smartphones out there. There is a higher chance for a smart phone to be accessed by somebody compared to a personal computer. Actually there are website that offers services to spy on your phone just by using your phone number or email, the culprit could just pay some subscription to those websites and he can now access all your logs and data on your mobile phones.

Thus I do not recommend using mobile wallets especially for cryptocurrency and other financial related applications that risks your money.

omone1

member

Activity: 845

Merit: 52

I have been using Iphone5 which was a gift, suddenly I can't download a lot of applications because my IOS is outdated and Iphone 5 has no support for a higher grade of software. What I currently do until I get money to buy an android is downloading applications via android emulators on my laptop.

gentlemand

legendary

Activity: 2604

Merit: 3056

Welt Am Draht

Quote from: bbc.reporter on September 29, 2019, 09:42:16 PM

It is only business. You are required by the vendor to upgrade your hardware to run the updated software. I reckon the solution would be to create opensource hardware and software devices where the community can continue its maintenance and security updates.

Most things can clearly run the most modern software several generations after the manufacturer has given up on them.

I can see why they do it but it still leaves a fairly nasty taste. It's not the latest vulva recognition they're depriving you of that counts, it's the fundamentals of security.

With Android at least a lot of is down to the widely disliked and almost always pointless tweaks they personally add. The OS should really come in two modules, fundamental Android that's the same on all phones and can upgrade without manufacturer effort, and the other bit can be their crappy bloat that they're free to abandon.

jseverson

hero member

Activity: 1834

Merit: 759

Quote from: o_e_l_e_o on September 29, 2019, 06:44:00 PM

-snip-

You can't actually break iOS' facial recognition with just photos because it uses 3d recognition. It has been broken with masks, but it's not exactly straightforward.

Quote from: Artemis3 on September 29, 2019, 02:26:40 PM

This is typical Apple support. When a product is only but a few years old, they declare it obsolete and don't bother with updates. They do this with the OSX computers, and of course tablets and smartphones. Kinda like Microsoft, but on a much shorter timespan.

I can tell you right now that Apple doesn't like this exploit at all. It's a jailbreak exploit, something some iOS users actively look for to have more freedom with their devices. It's also worth noting that it hasn't been exploited as of now, and it would be very difficult in practice to use it to steal crypto from someone else -- they would still need to unlock the phone, for one.

Sancho18

sr. member

Activity: 728

Merit: 368

Sancho

Quote from: bbc.reporter on September 29, 2019, 09:42:16 PM

Quote from: gentlemand on September 29, 2019, 11:43:12 AM

It always surprises me how willing people are to place their entire lives on their phones in a way no one would ever have dreamed of a generation ago. Even worse, most phone manufacturers will abandon you security wise after a year or so. There are people running around with truly ancient devices with gaping holes.

It is only business. You are required by the vendor to upgrade your hardware to run the updated software. I reckon the solution would be to create opensource hardware and software devices where the community can continue its maintenance and security updates.

This is a bad business. The planned obsolescence tactics help maintain sales in a saturated market, but I don’t want to change my smartphone every year, simply because the manufacturer is too concerned about its financial performance. This is a serious problem that goes beyond the scope of this topic.

bbc.reporter

legendary

Activity: 3192

Merit: 1509

Quote from: gentlemand on September 29, 2019, 11:43:12 AM

It always surprises me how willing people are to place their entire lives on their phones in a way no one would ever have dreamed of a generation ago. Even worse, most phone manufacturers will abandon you security wise after a year or so. There are people running around with truly ancient devices with gaping holes.

It is only business. You are required by the vendor to upgrade your hardware to run the updated software. I reckon the solution would be to create opensource hardware and software devices where the community can continue its maintenance and security updates.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: gentlemand on September 29, 2019, 05:48:28 PM

Someone twats you over the head with a rock, holds up your face to the camera and bingo - they have access to your finances, photos of your bum, all of your emails and plenty more.

I don't keep up to date with developments in biometrics, because I don't use them, but certainly when they first came out there were many reports of facial recognition or iris scanners on phones being fooled simply by photos of the owner. A quick internet search seems that not much has changed, and even the latest flagship phones are still vulnerable to this.

So you steal a phone, open up the "Emergency Contact" information from the lock screen, get the owner's name as well as the name of a couple of his/her next of kin, use that information to find them on Facebook, and use their photos to unlock their phone. Sounds super safe.

I'll have you know that photos of my bum are a highly sought after commodity. Wink

gentlemand

legendary

Activity: 2604

Merit: 3056

Welt Am Draht

Quote from: o_e_l_e_o on September 29, 2019, 03:15:25 PM

Complete sacrifice of privacy for the slightest convenience. I'm amazed that people are willing to bug their own houses on behalf of the government with Amazon Echoes, Google Homes, and similar devices, so they don't have to push like 4 buttons to turn on some music.

It's the potential for physical access which is just as alarming.

Someone twats you over the head with a rock, holds up your face to the camera and bingo - they have access to your finances, photos of your bum, all of your emails and plenty more.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: YuginKadoya on September 29, 2019, 08:57:23 AM

Well, in my opinion, I guess this can be resolved when your IOS is updated to its latest version

It can't. This exploit affects the bootrom, which is read-only. There is no way to patch it. It would require Apple to recall every device from iPhone 4 through X and perform a hardware upgrade, which is obviously never going to happen.

Quote from: gentlemand on September 29, 2019, 11:43:12 AM

It always surprises me how willing people are to place their entire lives on their phones in a way no one would ever have dreamed of a generation ago.

Complete sacrifice of privacy for the slightest convenience. I'm amazed that people are willing to bug their own houses on behalf of the government with Amazon Echoes, Google Homes, and similar devices, so they don't have to push like 4 buttons to turn on some music.

Quote from: Artemis3 on September 29, 2019, 02:26:40 PM

This is typical Apple support. When a product is only but a few years old, they declare it obsolete and don't bother with updates.

This is true, and Apple are particularly bad at this. Not just stopping updates and leaving old devices vulnerable, but actually deliberately slowing older devices down so users get frustrated and upgrade sooner. It's particularly immoral behavior. Having said that, I don't think this is what's happened here. It would be fairly stupid of Apple to know about this bug and leave it in, since it allows users to bypass their lack of updates and install their own custom software.

Theb

hero member

Activity: 1680

Merit: 655

Misleading headline again and this time they have taken an important piece out of the context of the article. The exploit that was found from this iOS devices are from jailbroken devices only and that is the main issue why crypto wallets aren't safe to use from these kinds of devices. In the first place it's not even right to jailbreak your device and it is one of the owners choice of doing so because just by doing it voids any kind of warranty claims from Apple, Jailbreaking your own iOS device is just exploiting it to unlock some restricted features as well as download paid apps for free. Just by that description you already know that there will be some certain issues that comes with it and there is really no guarantee that your device will still be 100% protected once jailbroken.

Artemis3

legendary

Activity: 2030

Merit: 1573

CLEAN non GPL infringing code made in Rust lang

This is typical Apple support. When a product is only but a few years old, they declare it obsolete and don't bother with updates. They do this with the OSX computers, and of course tablets and smartphones. Kinda like Microsoft, but on a much shorter timespan.

It has nothing to do with bitcoin, just anything you might have in there that needs protection, would be exposed. Unfortunately Android isn't exempt of this, in fact its proprietary environment almost causes it. Every manufacturer adds their custom junk and then forgets it.

Smartphones are for the most part running insecure OSes, only a few old models can run something decent, but most can't.

And yes, this might actually be those companies playing the planned obsolescence thing.

Kizaki

sr. member

Activity: 413

Merit: 250

CryptoTalk.Org - Get Paid for every Post!

Quote from: Kyraishi on September 29, 2019, 12:00:35 AM

Crazy how fast technology moves and advances in our world. The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited?

There is a reason behind this for sure maybe its an inside job that led to this incident anyone can simply backdoor their own system and get money from the exploit itself or by fixing what they did.Apples technology is not developing that much phones from phones they are just simply changing the phones name and slight camera upgrade but in tersm of security nono

serjent05

legendary

Activity: 3052

Merit: 1281

Isn't this a marketing strategy to sell more new version of Iphones? It was stated that it is in danger only if the attacker has physical contact to the phone yes? So why do we have to worry about such thing? And who is a sane person that will save a huge sum of BTC on their mobile phone that have a tendency to be lost or crack? Personaly, I never use my mobile phone as a cryptocurrency wallet except installing 2fa.

bitbunnny

legendary

Activity: 2912

Merit: 1068

WOLF.BET - Provably Fair Crypto Casino

Every phone, older and the last issued could be vulnerable to different threats. Don't expect that manufacturers will protect, it's up to you and you only have to protect your phone and your data.
Also, it's not very wise to keep important personal and financial data on your phone because absolute security and safety can't be guaranteed.

pawanjain

hero member

Activity: 2702

Merit: 716

Nothing lasts forever

Quote from: o_e_l_e_o on September 28, 2019, 08:42:03 PM

Here is an interview with the developer of this exploit, which contains a lot of good information: https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer/

Essentially, the attacker must have physical access to the device, can't access any data that is stored behind the Secure Enclave PIN, and any code that is injected doesn't persist through restarts. It is a very specific exploit. If you have an iPhone 6 or later, and are using proper security measures, then an attacker can't access your data unless you unlock the phone for them, and if you reboot your phone into iOS any malware or malicious code that has been injected will no longer run. For those reasons, I don't really see this as a valid attack on cryptocurrency wallets. In addition, any good mobile wallet should have its own PIN or password which will encrypt its contents.

That's not to say mobile wallets are otherwise safe. I would only advocate storing small amounts of day to day spending money on a mobile wallet.

That would require some high level of specific scenario to occur for the wallet to be exploited. As you said, it cannot be considered truly an exploit on wallets.
Though measures should be taken so that the hackers don't target this attack on anybody, it certainly cannot be considered as a way of targeting crypto wallets.

gentlemand

legendary

Activity: 2604

Merit: 3056

Welt Am Draht

It always surprises me how willing people are to place their entire lives on their phones in a way no one would ever have dreamed of a generation ago. Even worse, most phone manufacturers will abandon you security wise after a year or so. There are people running around with truly ancient devices with gaping holes.

2girls

sr. member

Activity: 1002

Merit: 254

Tontogether | Save Smart & Win Big

Quote from: NewBet on September 29, 2019, 10:47:21 AM

Quote from: AniviaBtc on September 29, 2019, 10:43:02 AM

Quote from: Kyraishi on September 29, 2019, 12:00:35 AM

Crazy how fast technology moves and advances in our world. The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited? That's crazy.

Absolutely! and not only iPhone users but also other brands because mobile wallet isn't that safe like desktop wallet that you can only secure in your house\home.

You are right on the spot bro. Mobile phone wallets can be made by anyone, and there's no guarantee that they are secure or that they don't even have your private Keys. As soon as you deposit some cryptocurrency, since they have your private keys, they could steal everything. You never know who is behind these apps, unless it is a popular one like coinbase... Most of them could be scams. It's better to protect your cryptocurrency, to keep in your own hands, done trusting random apps.

There are so many Andriod and iOS wallet apps coming every day in apple store and playstore. We never know if these apps can steal your money and run away anytime. Always store your funds in a wallet in which you have full control over its private Key.

JohnBitCo

sr. member

Activity: 2030

Merit: 356

Quote from: AniviaBtc on September 29, 2019, 10:43:02 AM

Quote from: Kyraishi on September 29, 2019, 12:00:35 AM

Crazy how fast technology moves and advances in our world. The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited? That's crazy.

Absolutely! and not only iPhone users but also other brands because mobile wallet isn't that safe like desktop wallet that you can only secure in your house\home.

What do you mean by SAFE here ?
You people mean to say that if the iPhone / or any other phone is hacked, then anyone can get hold of our coins ?

OR

The current iPhone users using different wallets like bread wallet are at risk Huh

NewBet

hero member

Activity: 966

Merit: 500

Quote from: AniviaBtc on September 29, 2019, 10:43:02 AM

Quote from: Kyraishi on September 29, 2019, 12:00:35 AM

Crazy how fast technology moves and advances in our world. The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited? That's crazy.

Absolutely! and not only iPhone users but also other brands because mobile wallet isn't that safe like desktop wallet that you can only secure in your house\home.

You are right on the spot bro. Mobile phone wallets can be made by anyone, and there's no guarantee that they are secure or that they don't even have your private Keys. As soon as you deposit some cryptocurrency, since they have your private keys, they could steal everything. You never know who is behind these apps, unless it is a popular one like coinbase... Most of them could be scams. It's better to protect your cryptocurrency, to keep in your own hands, done trusting random apps.

AniviaBtc

sr. member

Activity: 1120

Merit: 272

First 100% Liquid Stablecoin Backed by Gold

Quote from: Kyraishi on September 29, 2019, 12:00:35 AM

Crazy how fast technology moves and advances in our world. The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited? That's crazy.

Absolutely! and not only iPhone users but also other brands because mobile wallet isn't that safe like desktop wallet that you can only secure in your house\home.

kingcolex

sr. member

Activity: 254

Merit: 1258

Quote from: YuginKadoya on September 29, 2019, 08:57:23 AM

Well, first of all, I am not using iPhone but I am familiar with issue's that wallet on the iPhone are not really secure for the older version of IOS I guess this is a kind of problem for some users that have certain cryptocurrency stored in their iPhone, And I am an Android User and not like iPhone's that needs to be jailbreak to get certain free applications I really like to use Smartphone because of its user friendly features,

Well, in my opinion, I guess this can be resolved when your IOS is updated to its latest version, but certainly, how about the old version of iPhones that don't have options in updating their IOS.

I was under the impression that the newest version has the bug where you can bypass the pin and face ID, last I have read this hasn't been patched out yet and is expected in the next release.

AniviaBtc

sr. member

Activity: 1120

Merit: 272

First 100% Liquid Stablecoin Backed by Gold

Nowadays, the technology is really unpredictable. Hackers around the world are spreading so fast so you need to be mindful about your accounts and gadgets. Especially when you're using an iPhone. In 5 years, iPhone should provide the best security they should create to improve quality in keeping BTC wallets or other coins.

Although it isn't easy to do instantly, they should take care of the security of IPhone users little by little.

Always look for your iPhone to prevent Bitcoin loss.

YuginKadoya

legendary

Activity: 3038

Merit: 1169

Well, first of all, I am not using iPhone but I am familiar with issue's that wallet on the iPhone are not really secure for the older version of IOS I guess this is a kind of problem for some users that have certain cryptocurrency stored in their iPhone, And I am an Android User and not like iPhone's that needs to be jailbreak to get certain free applications I really like to use Smartphone because of its user friendly features,

Well, in my opinion, I guess this can be resolved when your IOS is updated to its latest version, but certainly, how about the old version of iPhones that don't have options in updating their IOS.

kingcolex

sr. member

Activity: 254

Merit: 1258

Quote from: o_e_l_e_o on September 28, 2019, 08:42:03 PM

Here is an interview with the developer of this exploit, which contains a lot of good information: https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer/

Essentially, the attacker must have physical access to the device, can't access any data that is stored behind the Secure Enclave PIN, and any code that is injected doesn't persist through restarts. It is a very specific exploit. If you have an iPhone 6 or later, and are using proper security measures, then an attacker can't access your data unless you unlock the phone for them, and if you reboot your phone into iOS any malware or malicious code that has been injected will no longer run. For those reasons, I don't really see this as a valid attack on cryptocurrency wallets. In addition, any good mobile wallet should have its own PIN or password which will encrypt its contents.

That's not to say mobile wallets are otherwise safe. I would only advocate storing small amounts of day to day spending money on a mobile wallet.

I suggest a more secure storage style mobile phone as well if it's anything over pocket change. This means a phone that never installs anything except the initial wallet install (which I'd prefer to be sideloaded electrum that's been verified) and only touches the internet via your own mobile hotspot (or you could have separate cell service for it I guess) to send small amounts to your main mobile wallets.

Now that I think of it, this was my practice years ago before hardware wallet support on phones and could be outdated by things like the Bluetooth ledger.

Tipstar

sr. member

Activity: 1932

Merit: 300

User should be aware of their devices. And don't share their device to others. And not use their lost and found device util they are sure about it. A clean install of the firmware may solve any issues.
I too in the past have done something like inserting a shadow miner inside PC of unsuspecting colleagues to mine for me. But stopped doing it as the profit was not enough to sell my ethics.

Red-Apple

hero member

Activity: 1470

Merit: 655

thanks for the information.
one might argue that people shouldn't be keeping their coins inside their phones in first place. it would be like carrying around bags of cash (your lifesavings) around with you wherever you go! there is a place for storage and there is such thing as pocket money. the phone wallets are for the later.

elda34b

sr. member

Activity: 910

Merit: 351

Hell yeah, so just for the sake of having a mobile wallet, you need to spend more than $1000 for a new iPhone? Sounds like a legit deal. Why not ask for a patch, or if the problem is the hardware, request Apple to give an "upgrade" of those old versions? That being said, it's not like this exploit will put every wallet at risk.

Quote from: bitcoinposts on September 29, 2019, 04:19:34 AM

Those who are holding crypto currencies in old iPhone and old anriod wallets they should change their mobiles immediately in order to protect their money

If you don't give your phone to random people so they can exploit the weakness then you don't have to. Btw, we don't talk about Android here. It was not mentioned except once in the article.

Insanity

sr. member

Activity: 859

Merit: 250

20BET - Premium Casino & Sportsbook

Since before, It is hard to used mobile wallet because it is easy for it to exploit by hackers. That is why I always suggest to have more security on the phone. Having a 2 form factor authentication is also start of our phone security. Also doing a system update also helps. Downloading antivirus apps also helps. But if the issue is hardware the only solution that we have is buying a new IOS/Android phone with has a new OS.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

This news reminded me of a case where one user reports how he and some other users lost a significant amount of BTC on blockchain.info/com, and they all have something in common : In most cases we were using Apple environment (mainly newest iPhones and official blockchain app).. The specific case may not be related to exploit posted in OP, but it is a good warning to all Apple users to be very careful when using crypto on this OS.

What is even greater problem is that this exploit is “an unpatchable exploit.”, so it would be wise not to buy a new iPhone and wait for some new exploits.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: joromz1226 on September 28, 2019, 09:12:24 PM

Do you mean that according to Loshan and all iPhone device units are no longer advisable to use in case the user downloads Bitcoin or litecoin apps for wallet use?

Mobile wallets were never that safe. They should only be used for small amounts of crypto. Your main holdings should be on a hardware wallet, airgapped machine, or other cold storage.

Quote from: pooya87 on September 28, 2019, 11:18:38 PM

that is what happens when you are using closed source software (that is iPhones operating system that is mostly closed source), the company (specially when it is located in US) always injects backdoors in their software intentionally and also like always backdoors will exist unintentionally and won't be caught for long times and will be exploited a lot.

This is all true, but this particular exploit is targeted at the hardware, rather than the software, hence the reason it is unpatchable.

Quote from: Kyraishi on September 29, 2019, 12:00:35 AM

The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited? That's crazy.

Technically, the exploit has been there since day 1, it just wasn't known about. And you shouldn't be placing your trust in any device just because it is "flagship". Nothing is completely secure, regardless of how well it is marketed.

bitcoinposts

member

Activity: 448

Merit: 10

Those who are holding crypto currencies in old iPhone and old anriod wallets they should change their mobiles immediately in order to protect their money

Lorna111

member

Activity: 280

Merit: 11

I do believe that phones that can't withstand fraudulent actions are a threat for investors and client. That's why I always use my computer and high ended security phone whenever I transact with other people using my Bitcoins. It is much safer to use. Those iphones that you were talking about are vulnerable on fraud attacks.

Wexnident

hero member

Activity: 2758

Merit: 675

I don't request loans~

Quote from: Kyraishi on September 29, 2019, 12:00:35 AM

Crazy how fast technology moves and advances in our world. The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited? That's crazy.

It isn't as bad as it's made out to be though, they need to have physical access regarding the device and it's very specific and hard to do.

So just don't let other people use your phone if you have BTC or other coins on it - invest in a desktop wallet.

Yea and this is why I mainly invest in desktop wallets instead of my mobile phones. But the portability of a mobile wallet is really nice so it can't really be helped that people want to use them instead of desktop wallets.

Quote from: joromz1226 on September 28, 2019, 09:12:24 PM

Do you mean that according to Loshan and all iPhone device units are no longer advisable to use in case the user downloads Bitcoin or litecoin apps for wallet use? Is this what you want to convey on this topic that you did dude? But other device units like Samsung, Oppo, and Vivo are okay. Do I understand correctly that I'm right?

Well if I read that correctly then yes. Only iPhone devices are affected and other device units should be safe from the exploit stated by the poster. That is considering the current information at hand regarding the safety of using Android devices anyway.

Kyraishi

hero member

Activity: 952

Merit: 513

Crazy how fast technology moves and advances in our world. The iPhone X was one of the most flagship phones apple ever made, and now your telling me, that after only 2 years of it being out, it can easily get hacked and exploited? That's crazy.

It isn't as bad as it's made out to be though, they need to have physical access regarding the device and it's very specific and hard to do.

So just don't let other people use your phone if you have BTC or other coins on it - invest in a desktop wallet.

pooya87

legendary

Activity: 3472

Merit: 10611

that is what happens when you are using closed source software (that is iPhones operating system that is mostly closed source), the company (specially when it is located in US) always injects backdoors in their software intentionally and also like always backdoors will exist unintentionally and won't be caught for long times and will be exploited a lot.

joromz1226

sr. member

Activity: 798

Merit: 258

Quote from: bbc.reporter on September 28, 2019, 08:16:11 PM

The people that go to cryptocoin conferences should be more skeptical if their iphone was lost and then returned to them by a good samaritan hehehe.

In any case, sharing this article here instead of the press subforum for more views. Keep your iphones safe.

Litecoin Foundation’s full-time developer, Loshan T recently stated on Twitter that Bitcoin and Litecoin wallets were no longer safe on iPhones older than and including iPhone X. This was followed by the developer recommending users to upgrade their iPhone devices, considering that several people use smartphone according to Litecoin Foundation’s internal data. Additionally, Loshan explicity stated that updating iOS would not solve the problem as it is “an unpatchable exploit.”

Loshan made the statement in the wake of a Tweet made by Axi0mX. The Twitter handle had stated,

“EPIC JAILBREAK: Introducing checkm8 (read “checkmate”), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).”

Read in full https://ambcrypto.com/litecoin-and-bitcoin-wallets-on-iphones-older-than-and-including-iphone-x-are-insecure-says-ltc-developer/

Do you mean that according to Loshan and all iPhone device units are no longer advisable to use in case the user downloads Bitcoin or litecoin apps for wallet use? Is this what you want to convey on this topic that you did dude? But other device units like Samsung, Oppo, and Vivo are okay. Do I understand correctly that I'm right?

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Here is an interview with the developer of this exploit, which contains a lot of good information: https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer/

Essentially, the attacker must have physical access to the device, can't access any data that is stored behind the Secure Enclave PIN, and any code that is injected doesn't persist through restarts. It is a very specific exploit. If you have an iPhone 6 or later, and are using proper security measures, then an attacker can't access your data unless you unlock the phone for them, and if you reboot your phone into iOS any malware or malicious code that has been injected will no longer run. For those reasons, I don't really see this as a valid attack on cryptocurrency wallets. In addition, any good mobile wallet should have its own PIN or password which will encrypt its contents.

That's not to say mobile wallets are otherwise safe. I would only advocate storing small amounts of day to day spending money on a mobile wallet.

bbc.reporter

legendary

Activity: 3192

Merit: 1509

The people that go to cryptocoin conferences should be more skeptical if their iphone was lost and then returned to them by a good samaritan hehehe.

In any case, sharing this article here instead of the press subforum for more views. Keep your iphones safe.

Litecoin Foundation’s full-time developer, Loshan T recently stated on Twitter that Bitcoin and Litecoin wallets were no longer safe on iPhones older than and including iPhone X. This was followed by the developer recommending users to upgrade their iPhone devices, considering that several people use smartphone according to Litecoin Foundation’s internal data. Additionally, Loshan explicity stated that updating iOS would not solve the problem as it is “an unpatchable exploit.”

Loshan made the statement in the wake of a Tweet made by Axi0mX. The Twitter handle had stated,

“EPIC JAILBREAK: Introducing checkm8 (read “checkmate”), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).”

Read in full https://ambcrypto.com/litecoin-and-bitcoin-wallets-on-iphones-older-than-and-including-iphone-x-are-insecure-says-ltc-developer/

Topic: Bitcoin wallets on older iphones are insecure (Read 631 times)