
Topic: Coinomi: Vulnerability discovered (Read 916 times)

member
Activity: 420
Merit: 10
www.coinxes.io
October 27, 2017, 12:32:55 PM
#9
Would it be safe? Because I do not know.
I am also a user of the Coinomi app.
newbie
Activity: 52
Merit: 0
October 05, 2017, 05:34:14 PM
#8
We put Coinomi to the test and found that connections to the back-end servers are secured with SSL.
legendary
Activity: 3472
Merit: 10611
October 05, 2017, 01:37:38 AM
#7
~ using non-SSL to broadcast transaction which can be decoded and seen in plain text:~

there is absolutely nothing wrong with broadcasting transactions without encryption. in fact i believe no wallet uses any sort of encryption for broadcasting transactions.

this is about everything else that is being communicated, as others said. such as your bitcoin addresses and the block headers you receive from the electrum servers coinomi connects to.
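
An added example, not part of any post in this thread: a check a wallet user or auditor could run over their own captured client-to-server bytes to tell a TLS session from cleartext JSON-RPC and list what a passive observer would read. The sample streams, the placeholder address and the Electrum-style method names are constructed for illustration and are assumptions about what such traffic looks like.

```python
import json

# Constructed samples: opening bytes of two captured client->server TCP streams.
# The cleartext one is newline-delimited JSON-RPC with Electrum-style method
# names (assumed); the address and transaction hex are placeholders.
CLEARTEXT_STREAM = (
    b'{"id": 1, "method": "blockchain.address.subscribe", "params": ["1ExampleAddrPlaceholder"]}\n'
    b'{"id": 2, "method": "blockchain.headers.subscribe", "params": []}\n'
    b'{"id": 3, "method": "blockchain.transaction.broadcast", "params": ["0100constructed"]}\n'
)
# Constructed: start of a TLS record (type 0x16 = handshake, version 3.1).
TLS_STREAM = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])


def is_tls_handshake(data: bytes) -> bool:
    """True if the stream opens with a TLS handshake record (0x16, major version 3)."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03


def audit_stream(data: bytes) -> dict:
    """Classify a stream and list what is readable by anyone on the network path."""
    report = {"transport": "unknown", "exposed_methods": [], "exposed_addresses": []}
    if is_tls_handshake(data):
        report["transport"] = "tls"
        return report
    for line in data.split(b"\n"):
        if not line.strip():
            continue
        try:
            msg = json.loads(line)
        except ValueError:
            continue  # not JSON (or not valid UTF-8); skip this line
        if isinstance(msg, dict) and isinstance(msg.get("method"), str):
            report["exposed_methods"].append(msg["method"])
            # Address subscriptions tie wallet addresses to the client's IP.
            if msg["method"].startswith("blockchain.address."):
                report["exposed_addresses"].extend(str(p) for p in msg.get("params", []))
    if report["exposed_methods"]:
        report["transport"] = "cleartext-jsonrpc"
    return report


if __name__ == "__main__":
    for name, stream in (("cleartext", CLEARTEXT_STREAM), ("tls", TLS_STREAM)):
        print(name, audit_stream(stream))
```

The broadcast transaction shows up only as a method name, since it becomes public anyway; the address subscriptions are what the check flags.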
hero member
Activity: 2870
Merit: 594
October 04, 2017, 09:18:02 PM
#6
It is still unresolved as of today. I haven't seen any tweets from them. So it's either they totally ignored the issues found or they are fixing it but haven't released it yet because they are testing it. I'm still reluctant to use it until the issue is solved. Although there are no reported hacks, there is a possibility that it can happen because it's broadcasting in plain text, meaning not secured.
hero member
Activity: 2842
Merit: 625
October 03, 2017, 10:28:58 AM
#5
Thanks for the ups. I'm not updated on these things, and though I'm not using them, I'm also worried about those people who are using Coinomi, including my friends.

Reading those comments on Reddit, I just noticed why Coinomi needs to block the person that decoded and saw this vulnerability.

Why don't they want to disclose this thing to their users? They don't want thousands of their users to disappear.

I don't like either how they handled this situation.

Probably they don't want to be embarrassed. 
legendary
Activity: 3080
Merit: 1353
September 29, 2017, 08:00:35 AM
#4
There is also another thread discussing the said vulnerability:

https://bitcointalksearch.org/topic/warning-about-coinomi-2215088

And I put as much detail as I can regarding it. Even some members just installed it.

And potentially other information... remember, no SSL means all your communication to the server is in plaintext... anyone along the network path can inspect the data packets and capture the data.

Coinomi haven't exactly done themselves any favours with the way the whole situation has been handled either.

Yes, we don't want our bitcoin address exposed, and just as I have said, we need this to be fixed ASAP. Others might take advantage of this situation. I don't like how they handled this situation either. Let's see how things develop.
HCP
legendary
Activity: 2086
Merit: 4314
September 29, 2017, 07:12:17 AM
#3
And potentially other information... remember, no SSL means all your communication to the server is in plaintext... anyone along the network path can inspect the data packets and capture the data.

Coinomi haven't exactly done themselves any favours with the way the whole situation has been handled either.
full member
Activity: 378
Merit: 197
September 29, 2017, 06:06:31 AM
#2
Thanks for the info.

Luckily this won't endanger your private keys, but it does leak all addresses you have in your wallet.
hero member
Activity: 2870
Merit: 594
September 28, 2017, 07:48:16 PM
#1
Hello guys,

Looks like someone has found a security flaw on coinomi wallet. So please be careful using it. The person who found it says that it is using non-SSL to broadcast transaction which can be decoded and seen in plain text:

https://www.reddit.com/r/Bitcoin/comments/72lmql/security_warning_coinomi_wallet_transmits_all/
