
Topic: how secured? (Read 270 times)

legendary
Activity: 1792
Merit: 1296
keep walking, Johnnie
July 28, 2023, 05:28:58 AM
#31
If I get a new Samsung phone and set up the normal password and finger lock. Then, set up the Samsung secure folder and its password. I now download my wallet inside the Samsung secure folder, how safe is my wallet from hack?
For people who don't use Android, Samsung secure can be hidden in Samsung phone such that even if you have access to the phone you may never access the secure folder.

Also Redmi Android phone also has this feature, like two different operating system running in one phone for security reasons.
In this day and age of the Internet, the greatest threat comes not from local hacking, but from online. Most modern devices have access to the Internet, which is the most vulnerable point. The probability of putting your wallet at physical risk is much lower than virtual / online. Therefore, the main emphasis in precautionary measures, as I believe, should be done in this direction. One of which would be: don't store your core crypto assets in phone wallets (only a small portion is acceptable for running expenses).

Whatever new and technological solutions are offered by phone manufacturers (like dual operating systems, etc.), this is more a marketing ploy to increase sales than effective ways to protect your wallet. The best way to store crypto assets is offline or hardware wallets. Never rely 100% on phone wallets, no matter how safe it may seem.
sr. member
Activity: 420
Merit: 252
My post made philipma1957 wear signature
July 27, 2023, 08:54:12 PM
#30

OP, if you want to use it as a hot wallet, then you can securely do that if you don't visit malicious websites and don't download uncertain apps. Your device and wallet won't be hacked that easily if you know what to avoid. But as a cold wallet where I plan to save a million dollars, I would avoid such a combination at all cost.
Yea, if the money was in dollars, maybe I would have preferred a cold wallet. But when it is in a few thousands of dollars, following the above recommendations will go.


...The moment your phone is compromised by malware, your wallets on the second space are not spared as well and your funds could be stolen. Since your wallet is on your smart phone, my advice is for you to be mindful of the kind of websites you visit or better still get yourself a hardware wallet to be safe.
Never used Redmi, just my friend's. Thanks for explaining how it works. Keeping the phone totally off internet, except when to transact is the behaviour.
sr. member
Activity: 504
Merit: 421
Top Crypto Casino
July 27, 2023, 11:44:47 AM
#29
If I get a new Samsung phone and set up the normal password and finger lock. Then, set up the Samsung secure folder and its password. I now download my wallet inside the Samsung secure folder, how safe is my wallet from hack?
For people who don't use Android, Samsung secure can be hidden in Samsung phone such that even if you have access to the phone you may never access the secure folder.

Also Redmi Android phone also has this feature, like two different operating system running in one phone for security reasons.
The Redmi smart phone two operating system in one phone feature is called second space. What this feature does is to help you hide your installed wallets and hidden folders from authorized users but it can't protect your device from malware attacks initiated through phishing links and other sources. The moment your phone is compromised by malware, your wallets on the second space are not spared as well and your funds could be stolen. Since your wallet is on your smart phone, my advice is for you to be mindful of the kind of websites you visit or better still get yourself a hardware wallet to be safe.
hero member
Activity: 714
Merit: 1298
Cashback 15%
July 27, 2023, 09:17:56 AM
#28
Not exactly. Entropy is often misconstrued when talking about the complexity of passwords. It's a term used to measure randomness. This can be flawed when taking into account password dumps, rainbow tables, common password structures, etc.

That's just another side of the same thing.

The most common definition of entropy, which is also applicable to the case of passwords, is that this quantity equals the number (the logarithm, to be exact) of all possible states of the system, which, when applied to the password case, means the number of all possible values for the string relevant to the given password.

But this definition is too academic to be used here.
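
The disagreement in posts #22, #23 and #28 about what password entropy measures, as an added illustration that is not part of any post in this thread: the Python sketch below compares the textbook figure (log2 of all strings with the same length and character classes) with the search space of a guesser who tries a common Word+Year+Symbol structure first. The word sample, the wordlist size, the year range and the two sample passwords are constructed assumptions.

```python
import math
import re
import string

# Constructed sample data: a tiny stand-in for an attacker's wordlist.
SAMPLE_WORDS = {"password", "summer", "dragon", "bitcoin", "welcome", "monkey"}
WORDLIST_SIZE = 100_000      # assumption: size of a realistic cracking wordlist
YEAR_CHOICES = 100           # assumption: four-digit years 1950-2049
SYMBOL_CHOICES = len(string.punctuation)  # 32 ASCII punctuation characters

PATTERN = re.compile(r"^([A-Za-z]+)(\d{4})([%s])$" % re.escape(string.punctuation))


def charset_size(password):
    """Size of the alphabet implied by the character classes present."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    return sum(n for chars, n in classes if any(c in chars for c in password))


def naive_entropy_bits(password):
    """log2 of the number of possible strings of this length and alphabet."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def structured_entropy_bits(password):
    """log2 of the guesses in a Word+Year+Symbol search, or None if the
    password does not follow that structure."""
    m = PATTERN.match(password)
    if not m:
        return None
    word, year = m.group(1), int(m.group(2))
    if word.lower() not in SAMPLE_WORDS or not 1950 <= year <= 2049:
        return None
    if word not in (word.lower(), word.capitalize()):
        return None
    # words x {lowercase, Capitalized} x years x trailing symbols
    guesses = WORDLIST_SIZE * 2 * YEAR_CHOICES * SYMBOL_CHOICES
    return math.log2(guesses)


def chars_needed(bits, alphabet=94):
    """Random characters needed from `alphabet` symbols to reach `bits`."""
    return math.ceil(bits / math.log2(alphabet))


def report(password):
    """Return (naive bits, effective bits against the structured guesser)."""
    naive = naive_entropy_bits(password)
    structured = structured_entropy_bits(password)
    effective = naive if structured is None else min(naive, structured)
    return round(naive, 1), round(effective, 1)


if __name__ == "__main__":
    for pw in ("Summer2023!", "k9#Qz!vT2m@L"):   # constructed examples
        print(pw, report(pw))
    print("random printable-ASCII chars for 128 bits:", chars_needed(128))
```

The character-class figure only holds when every character is chosen uniformly at random; a password built from a known structure is bounded by the size of that structure's search space instead.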
hero member
Activity: 854
Merit: 772
Watch Bitcoin Documentary - https://t.ly/v0Nim
July 27, 2023, 08:32:12 AM
#27
Malware can still be installed accidentally or deliberately onto the phone which can then access the secure folder if you proceed to use the wallet normally and open it from that location, so treat it as a deterrent rather than a security feature.

It's like Incognito mode of browsers, it hides data from shoulder surfers and evil maids, but not necessarily from hackers.
Incognito mode is a joke. Open an incognito tab, browse things, then visit Facebook in a regular tab and when you scroll down, you'll see that your feed is pretty much based on what you were searching in incognito mode.


OP, if you want to use it as a hot wallet, then you can securely do that if you don't visit malicious websites and don't download uncertain apps. Your device and wallet won't be hacked that easily if you know what to avoid. But as a cold wallet where I plan to save a million dollars, I would avoid such a combination at all cost.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
July 27, 2023, 08:01:27 AM
#26
Malware can still be installed accidentally or deliberately onto the phone which can then access the secure folder if you proceed to use the wallet normally and open it from that location, so treat it as a deterrent rather than a security feature.

It's like Incognito mode of browsers, it hides data from shoulder surfers and evil maids, but not necessarily from hackers.
legendary
Activity: 2954
Merit: 4158
July 27, 2023, 05:03:07 AM
#25
Thanks!
What I need to do is to remove the third party apps in the phone but then it is not a phone that is carried along. Always safe at home. Most times panic kills even when no one is attacking you, it is important not to overthink as you said.

Very important information here and other persons have said the same thing in this regard.
If you're using a phone solely for the storing of your coins, you should just get a hardware wallet. That is far safer and more foolproof than using a phone. I avoid using mobile wallets in general because they are often poorly vetted or designed and can have quite a big surface area for attacks. Using a hardware wallet is harder to mess up and provides you with the security at the same time.
sr. member
Activity: 420
Merit: 252
My post made philipma1957 wear signature
July 27, 2023, 03:37:04 AM
#24
The important thing is don't overthink because your mind will never be calm. It should be safe as long as you follow what's suggested for securing your phone. And if you intend to use that phone as a place to store Bitcoins, you don't have to carry that phone around with you.
Thanks!
What I need to do is to remove the third party apps in the phone but then it is not a phone that is carried along. Always safe at home. Most times panic kills even when no one is attacking you, it is important not to overthink as you said.


Regardless, I wouldn't consider anything that you're moving around with and having the potential of misplacing as being secure.
Very important information here and other persons have said the same thing in this regard.
legendary
Activity: 2954
Merit: 4158
July 27, 2023, 02:20:57 AM
#23
It will steal it in the course of the user entering the password or when the password is still in RAM.

No way for malware to steal a password which is not in the phone's memory (or in some file).
It depends. Depends on how your system is designed, certain are cached beyond the short-lived timespan in your RAM. RAM access in OS differs and some are not overwritten properly after use. AES is a good encryption, DES isn't, so that has to be taken into account as well.

Regardless, that would still be a risky assumption to take. Unencrypting the wallet file and any processes that take place should be accounted for.


It has happened before, and I have no doubt that it would happen again.
In regard to entropy, yeah, when this term is applied to passwords it's just a reflection of the quantity of attempts needed for successful bruteforcing.
Not exactly. Entropy is often misconstrued when talking about the complexity of passwords. It's a term used to measure randomness. This can be flawed when taking into account password dumps, rainbow tables, common password structures, etc.
hero member
Activity: 714
Merit: 1298
Cashback 15%
July 27, 2023, 02:13:29 AM
#22
Malware will just steal the password.


It will steal it in the course of the user entering the password or when the password is still in RAM.

No way for malware to steal a password which is not in the phone's memory (or in some file).

In regard to entropy, yeah, when this term is applied to passwords it's just a reflection of the quantity of attempts needed for successful bruteforcing.
legendary
Activity: 2170
Merit: 1789
July 27, 2023, 01:34:48 AM
#21
Personally, if I can't be sure I understand how the tech works or verify the developer's claim, I'd rather not use it. They keep mentioning that it uses Samsung Knox as a base to provide a secure environment, but it also supports cloud backup which can be an issue regardless since it adds a new attack vector. I'm not even sure the Redmi secure option is really secure either considering Xiaomi phones are not that popular for privacy and security purposes. Since you mentioned you don't know how some of them work, I'd suggest looking at other options instead of risking your funds for some temporary convenience.
hero member
Activity: 2604
Merit: 816
Play Bitcoin PVP Prediction Game
July 26, 2023, 11:36:29 PM
#20
It's fine to install a Bitcoin wallet on the phone and as long as you don't add a SIM card from any provider and don't install any other apps and only factory default apps, the phone should be fine. So the phone is only specifically for storing Bitcoins.

Assume your phone is only for storing Bitcoins. You only rely on an internet connection from your home WiFi and don't carry the phone anywhere. Moreover, you don't often connect the phone to the internet network. It's safe, especially if you also use a phone lock application, but I suggest not using biometrics. It's better to use a password combination or a pin code in the form of letters, numbers, or both.

The important thing is don't overthink because your mind will never be calm. It should be safe as long as you follow what's suggested for securing your phone. And if you intend to use that phone as a place to store Bitcoins, you don't have to carry that phone around with you.
legendary
Activity: 2954
Merit: 4158
July 26, 2023, 11:20:36 PM
#19
I'm in doubt that malware could decrypt it by itself if the password is strong enough, say, having entropy of 128-bit.

Probably malware is capable of penetrating into the hidden area when the user decrypts it to access the apps he needs.
Generally, entropy doesn't matter with passwords. It is just not feasible to bruteforce passwords in this manner, especially when you need the file as well. Malware will just steal the password.

Android phones and iOS usually operate their apps within their own sandbox which makes it more secure than other OSes in a sense. However, because they are such an attractive target, malware is often catered to attack the zero days on the platform. Samsung Knox goes a step above the vanilla Android OS and does hardware level isolation and theoretically it should be more secure.

Regardless, I wouldn't consider anything that you're moving around with and having the potential of misplacing as being secure.
sr. member
Activity: 658
Merit: 354
I stand with Ukraine!
July 26, 2023, 10:50:32 PM
#18
It will be a bit stupid not to actually back up the keys to one's funds, not only could you lose it when you die or something happens but you also will lose it when something happens to the device. So I doubt anyone will actually have a wallet with backup, in fact that’s the first thing that comes when creating a wallet, except if you’re referring to an exchange account which is not what OP is referring to on this thread.

More so I think almost all biometric authentications are backed up by passcodes. So that should any of your stated fears against them (biometrics) arise you can simply just use the passcode.
We can stop talking about wallet backups but just know that there are people who don't make wallet backups. If you do it, it's good.

I am against biometrics but I know it has advantages and disadvantages but with me, after consideration, my opinion is the same, against it.


Quote
High risk: You can change passwords, but you can’t change your biometric details. If your biometric data is stolen or lost, it could be permanently compromised.

Duplication: In some ways, biometric credentials are easier to obtain and duplicate than access cards or keys, because we quite literally leave our biometric footprints and fingerprints everywhere we go. Criminals are learning to copy biometric details by lifting fingerprints off glass, or even capturing voice recordings.

When your biometrics are stolen, the database is compromised, you are done. Because simply said, you can change your passwords billions of times if you want but you can not change your biometrics.

It sounds serious but I am against Fingerprint Biometrics for kids. We as parents should not leak our kids' biometrics easily like this.
legendary
Activity: 2310
Merit: 4313
🔐BitcoinMessage.Tools🔑
July 26, 2023, 05:17:46 PM
#17
Thanks for mentioning this. I know there is encryption of the memory that holds sensitive apps, but I don't know how it works and that's why I kept mentioning the difficulty level.
A secure folder is basically an isolated virtual environment for your apps that makes it much easier to separate sensitive-related applications and those that don't need any secret keys to perform their functions. There is a special secure mechanism in each Android or iPhone that encrypts passwords and private keys, stores them in a protected area, and sends decrypted data back to the apps that have a right to access certain parts of information. What's interesting is that apps using secret keys don't actually know what the values of these keys are since all sensitive information remains inside the protected area. So far, so good. But for cryptocurrency applications such as software wallets, it is necessary to have access to private keys in plain text in order to be able to sign messages and produce signatures. In other words, the information you keep inside the secure folder remains private as long as you don't touch a software wallet sitting inside it to send or receive funds. Once the wallet is unlocked, all seed phrases and private keys that belong to the given wallet become much easier to steal because the wallet stores and manipulates them in plaintext.
sr. member
Activity: 420
Merit: 252
My post made philipma1957 wear signature
July 26, 2023, 01:05:27 PM
#16
Finger lock, this is bad.

You are not an intelligent agent so you don't need it. Individually, you need to secure your device and wallet but if you don't plan to die with your bitcoin and nobody will access it after your death, just don't use finger lock.

The bottom line is secure your device, your backups but it should be accessed by your wife, children, loved ones.

Although biometrics isn’t the best of passwords, using it doesn’t mean your family cannot access your funds later. The only way in which a wallet cannot be accessed is by losing the recovery seed or keys. Once your family gets hold of the keys or seeds they will just import them in a wallet on another device and it wouldn’t need any biometric or passcode again.
Very apt. If my family has access to my private keys or seeds, they will not have a problem accessing the funds anytime. I have also read someone said using biometrics is bad because if it's faulty you need to go to a phone repair shop which is a risk. Before anyone could use biometrics, there is always a primary lock type.

The secure folder is good for other people that are using your phone not to see what you store on it, like files and apps. But malware can still be able to penetrate it and a hacker can be able to steal your coins.

If you want a safer and well secured wallet, go for online ones like a paper wallet, wallet on an airgapped device and hardware wallet like passport for bitcoin.

That hidden memory area that keeps sensitive apps is encrypted, AFAIK. I'm in doubt that malware could decrypt it by itself if the password is strong enough, say, having entropy of 128-bit.

Probably malware is capable of penetrating into the hidden area when the user decrypts it to access the apps he needs.
Thanks for mentioning this. I know there is encryption of the memory that holds sensitive apps, but I don't know how it works and that's why I kept mentioning the difficulty level.
hero member
Activity: 714
Merit: 1298
Cashback 15%
July 26, 2023, 11:36:13 AM
#15
The secure folder is good for other people that are using your phone not to see what you store on it, like files and apps. But malware can still be able to penetrate it and a hacker can be able to steal your coins.

If you want a safer and well secured wallet, go for online ones like a paper wallet, wallet on an airgapped device and hardware wallet like passport for bitcoin.

That hidden memory area that keeps sensitive apps is encrypted, AFAIK. I'm in doubt that malware could decrypt it by itself if the password is strong enough, say, having entropy of 128-bit.

Probably malware is capable of penetrating into the hidden area when the user decrypts it to access the apps he needs.
hero member
Activity: 672
Merit: 855
July 26, 2023, 10:26:25 AM
#14
I meant they can not access your coin if they only have that phone, without you, your hands and fingerprints and of course without other accessible wallet backups.

There are other ways to lock your phones like with Pin code and I am still against Biometrics to lock and unlock my phone. The sensor can be broken and you will have to bring your phone to technical stores to fix it. It contains another risk when you have to hand your phone to a third party.

It will be a bit stupid not to actually back up the keys to one's funds, not only could you lose it when you die or something happens but you also will lose it when something happens to the device. So I doubt anyone will actually have a wallet with backup, in fact that’s the first thing that comes when creating a wallet, except if you’re referring to an exchange account which is not what OP is referring to on this thread.

More so I think almost all biometric authentications are backed up by passcodes. So that should any of your stated fears against them (biometrics) arise you can simply just use the passcode.
hero member
Activity: 2002
Merit: 633
Your keys, your responsibility
July 26, 2023, 09:56:41 AM
#13
finger lock.
It's a big problem if you enable it also in the wallet settings, indirectly it's like setting the exact same password for the login credentials of all the accounts present on that device.
I remember some crypto wallets that only require biometric authentication to send funds. In an unconscious state (sleeping, drunk or dead), people around you might take advantage of it to dry your wallet.
hero member
Activity: 1470
Merit: 755
July 26, 2023, 08:05:03 AM
#12
If I get a new Samsung phone and set up the normal password and finger lock. Then, set up the Samsung secure folder and its password. I now download my wallet inside the Samsung secure folder, how safe is my wallet from hack?
For people who don't use Android, Samsung secure can be hidden in Samsung phone such that even if you have access to the phone you may never access the secure folder.

Also Redmi Android phone also has this feature, like two different operating system running in one phone for security reasons.
It is physically safe when we lose our android because the security settings you have made are good, starting from a secure folder, password to fingerprint. But to guarantee as a whole is still in doubt. First for reasons of malware or viruses that Charles-Tim said.
I am an Android Samsung user and I really feel how users can hide files.
Before using Samsung, I also used the Xiaomi brand Android and had the convenience of saving files.

I think it's not really guaranteed as long as we don't keep backups elsewhere and this way we acknowledge as the only good way.