how secured? | Bitcointalksearch.org

m2017

legendary

Activity: 1792

Merit: 1296

Crypto Casino and Sportsbook

Quote from: Zoomic on July 26, 2023, 03:09:51 AM

If I get a new Samsung phone and set up the normal password and finger lock. Then, set up the Samsung secure folder and it's password. I now download my wallet inside the Samsung secure folder, how safe is my wallet from hack.
For people who doesn't use android, Samsung secure can be hidden in Samsung phone such that even if you have access to the phone you may never access the secure folder.

Also Redmi android phone also has this feature, like two different operating system running in one phone for security reasons.

In this day and age of the Internet, the greatest threat comes not from local hacking, but from online. Most modern devices have access to the Internet, which is the most vulnerable point. The probability of putting your wallet at physical risk is much lower than virtual / online. Therefore, the main emphasis in precautionary measures, as I believe, should be done in this direction. One of which would be: don't store your core crypto assets in phone wallets (only a small portion is acceptable for running expenses).

Whatever new and technological solutions are offered by phone manufacturers (like dual operating systems, etc.), this is more a marketing ploy to increase sales than effective ways to protect your wallet. The best way to store crypto assets is offline or hardware wallets. Never rely 100% on phone wallets, no matter how safe it may seem.

Zoomic

sr. member

Activity: 616

Merit: 271

Quote from: Synchronice on July 27, 2023, 07:32:12 AM

OP, if you want to use it as a hot wallet, then you can securely do that if you don't visit malicious websites and don't download uncertain apps. Your device and wallet won't be hacked that easily if you know what to avoid. But as a cold wallet where I plan to save a million dollar, I would avoid such a combination at all cost.

Yea, if the money was in dollars, maybe I would have preferred a cold wallet. But when it is in few thousands of dollars, following the above recommendations will go.

Quote from: sokani on July 27, 2023, 10:44:47 AM

...The moment your phone is comprised by a malware, your wallets on the second space are not spared as well and your funds could be stolen. Since your wallet is on your smart phone, my advice is for you to be mindful of the kind of websites you visit or better still get yourself a hardware wallet to be safe.

Never used Redmi, just my friend's. Thanks for explaining how it works. Keeping the phone totally off internet, except when to transact is the behaviour.

sokani

sr. member

Activity: 658

Merit: 441

Quote from: Zoomic on July 26, 2023, 03:09:51 AM

If I get a new Samsung phone and set up the normal password and finger lock. Then, set up the Samsung secure folder and it's password. I now download my wallet inside the Samsung secure folder, how safe is my wallet from hack.
For people who doesn't use android, Samsung secure can be hidden in Samsung phone such that even if you have access to the phone you may never access the secure folder.

Also Redmi android phone also has this feature, like two different operating system running in one phone for security reasons.

The Redmi smart phone two operating system in one phone feature is called second space. What this feature does is to help you hide your installed wallets and hidden folders from authorized users but it can't protect your device from malware attacks initiated through phishing links and other sources. The moment your phone is comprised by a malware, your wallets on the second space are not spared as well and your funds could be stolen. Since your wallet is on your smart phone, my advice is for you to be mindful of the kind of websites you visit or better still get yourself a hardware wallet to be safe.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: ranochigo on July 27, 2023, 01:20:57 AM

[
Not exactly. Entropy is often misconstrued when talking about the complexity of passwords. Its a term used to measure randomness. This can be flawed when taking into account password dumps, rainbow tables, common password structures, etc.

That just another side of the same thing.

The most common definition of entropy which is applicable also for the case of password is that this quantity equals to number (logarithm, to be exact) of all possible system's state which, when applied to password case, means the number of all possible values for the string relevant to the given password.

But this definition is too academic to be used here.

Synchronice

hero member

Activity: 882

Merit: 792

Watch Bitcoin Documentary - https://t.ly/v0Nim

Quote from: NotATether on July 27, 2023, 07:01:27 AM

Malware can still be installed accidentally or deliberately onto the phone which can then access the secure folder if you proceed to use the wallet normally and open it from that location, so treat is as a deterrent rather than a security feature.

It's like Incognito mode of browsers, it hides data from shoulder surfers and evil maids, but not necessarily from hackers.

Incognito mode is a joke. Open an incognito tab, browse think, then visit Facebook in regular tab and when you scroll down, you'll see that your feed is pretty much based on what you were searching on incognito mode.

OP, if you want to use it as a hot wallet, then you can securely do that if you don't visit malicious websites and don't download uncertain apps. Your device and wallet won't be hacked that easily if you know what to avoid. But as a cold wallet where I plan to save a million dollar, I would avoid such a combination at all cost.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Malware can still be installed accidentally or deliberately onto the phone which can then access the secure folder if you proceed to use the wallet normally and open it from that location, so treat is as a deterrent rather than a security feature.

It's like Incognito mode of browsers, it hides data from shoulder surfers and evil maids, but not necessarily from hackers.

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: Zoomic on July 27, 2023, 02:37:04 AM

Thanks!
What I need do is to remove the third party apps in the phone but then it is not a phone that is carried along. Always safe at home. Most times panick kills even when no one is attacking you, it is important not to overthink as you said.

Very important information here and other persons have said the same thing in this regard.

If you're using a phone solely for the storing of your coins, you should just get a hardware wallet. That is far safer and more foolproof than using a phone. I avoid using mobile wallets in general because they are often poorly vetted or designed and can have quite a big surface area for attacks. Using a hardware wallet is harder to mess up and provides you with the security at the same time.

Zoomic

sr. member

Activity: 616

Merit: 271

Quote from: michellee on July 26, 2023, 10:36:29 PM

The important thing is don't overthink because your mind will never be calm. It should be safe as long as you follow what's suggested for securing your phone. And if you intend to use that phone as a place to store Bitcoins, you don't have to carry that phone around with you.

Thanks!
What I need do is to remove the third party apps in the phone but then it is not a phone that is carried along. Always safe at home. Most times panick kills even when no one is attacking you, it is important not to overthink as you said.

Quote from: ranochigo on July 26, 2023, 10:20:36 PM

Regardless, I wouldn't consider anything that you're moving around with and having the potential of misplacing as being secure.

Very important information here and other persons have said the same thing in this regard.

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: satscraper on July 27, 2023, 01:13:29 AM

It will steal in the course user enters password or when password is still in RAM.

No way for malware to steal password which is not in the phone's memory (or in some file)./

It depends. Depends on how your system is designed, certain are cached beyond the shortlived timespan in your RAM. RAM access in OS differs and some are not overwritten properly after use. AES is a good encryption, DES aren't, so that has to be taken into account as well.

Regardless, that would still be a risky assumption to take. Unencrypting the wallet file and any processes that takes place should be accounted for.

It has happened before, and I have no doubt that it would happen again.

Quote from: satscraper on July 27, 2023, 01:13:29 AM

In regard to entropy, yeah, when this term is applied to password it's just reflection of quantity of attempts needed for successful bruteforcing.

Not exactly. Entropy is often misconstrued when talking about the complexity of passwords. Its a term used to measure randomness. This can be flawed when taking into account password dumps, rainbow tables, common password structures, etc.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: ranochigo on July 26, 2023, 10:20:36 PM

Malware will just steal the password.

It will steal in the course user enters password or when password is still in RAM.

No way for malware to steal password which is not in the phone's memory (or in some file)./

In regard to entropy, yeah, when this term is applied to password it's just reflection of quantity of attempts needed for successful bruteforcing.

joniboini

legendary

Activity: 2170

Merit: 1789

Personally, if I can't be sure I understand how the tech work or verify the developer's claim, I'd rather not use it. They keep mentioning that it uses Samsung Knox as a base to provide a secure environment, but it also supports cloud backup which can be an issue regardless since it adds a new attack vector. I'm not even sure the Redmi secure option is really secure either considering Xiaomi phones are not that popular for privacy and security purpose. Since you mentioned you don't know how some of them work, I'd suggest looking at other options instead of risking your funds for some temporary convenience.

michellee

hero member

Activity: 2604

Merit: 816

🐺Spinarium.com🐺 - iGaming casino

It's fine to install a Bitcoin wallet on the phone and as long as you don't add a SIM card from any provider and don't install any other apps and only factory default apps, the phone should be fine. So the phone is only specifically for storing Bitcoins.

Assume your phone is only for storing Bitcoins. You only rely on an internet connection from your home WiFi and don't carry the phone anywhere. Moreover, you don't often connect the phone to the internet network. It's safe, especially if you also use a phone lock application, but I suggest not using biometrics. It's better to use a password combination or a pin code in the form of letters, numbers, or both.

The important thing is don't overthink because your mind will never be calm. It should be safe as long as you follow what's suggested for securing your phone. And if you intend to use that phone as a place to store Bitcoins, you don't have to carry that phone around with you.

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: satscraper on July 26, 2023, 10:36:13 AM

I'm in doubt that malware could decrypt it by itself if password is strong enough, say, having entropy of 128-bit.

Probably malware is capable to penetrate into hidden area when user decrypt it to access apps he needed.

Generally, entropy doesn't matter with passwords. It is just not feasible to bruteforce passwords in this manner, especially when you need the file as well. Malware will just steal the password.

Android phones and IOS usually operate their apps within their own sandbox which makes it more secure than other OSes in a sense. However, because they are such an attractive target, malwares are often catered to attack the zero days on the platform. Samsung Knox goes a step above the vanilla Android OS and does hardware level isolation and theoretically it should be more secure.

Regardless, I wouldn't consider anything that you're moving around with and having the potential of misplacing as being secure.

dzungmobile

sr. member

Activity: 854

Merit: 424

I stand with Ukraine!

Quote from: Zaguru12 on July 26, 2023, 09:26:25 AM

It will be a bit stupid not actually back up the keys to once funds, not only could your lose it when you die or something happens but you also will lose it when something happens to the device. So I doubt any one will actually have a wallet with backup, Infact that’s the first thing that comes when creating a wallet, except if you’re referring to an exchange account which is not what OP is referring to on this thread.

More so I think almost all biometric authentications are backed up by passcodes. So that should any of your state fears against them (biometrics) arises you can simply just use the passcode

We can stop talking about wallet backups but just know that there are people who don't make wallet backups. If you do it, it's good.

I am against biometrics but I know it has advantages and disadvantages but with me, after consideration, my opinion is the same, against it.

Quote

High risk: You can change passwords, but you can’t change your biometric details. If your biometric data is stolen or lost, it could be permanently compromised.

Duplication: In some ways, biometric credentials are easier to obtain and duplicate than access cards or keys, because we quite literally leave our biometric footprints and fingerprints everywhere we go. Criminals are learning to copy biometric details by lifting fingerprints off glass, or even capturing voice recordings.

When your biometric are stolen, data base is compromised, you are done. Because simply said, you can change your passwords billion of times if you want but you can not change your biometric.

It sounds seriously but I am against Fingerprint Biometrics for kids. We as parents should not leak our kids biometrics easily like this.

witcher_sense

legendary

Activity: 2450

Merit: 4415

🔐BitcoinMessage.Tools🔑

Quote from: Zoomic on July 26, 2023, 12:05:27 PM

Thanks for mentioning this. I know there is encryption of the memory that holds sensitive apps, but I don't know how it works and that's why I kept mentioning the difficulty level.

A secure folder is basically an isolated virtual environment for your apps that makes it much easier to separate sensitive-related applications and those that don't need any secret keys to perform their functions. There is a special secure mechanism in each Android or iPhone that encrypts passwords and private keys, stores them in a protected area, and sends decrypted data back to the apps that have a right to access certain parts of information. What's interesting is that apps using secret keys don't actually know what the values of these keys are since all sensitive information remains inside the protected area. So far, so good. But for cryptocurrency applications such as software wallets, it is necessary to have access to private keys in plain text in order to be able to sign messages and produce signatures. In other words, the information you keep inside the secure folder remains private as long as you don't touch a software wallet sitting inside it to send or receive funds. Once the wallet is unlocked, all seed phrases and private keys that belong to the given wallet become much easier to steal because the wallet stores and manipulates them in plaintext.

Zoomic

sr. member

Activity: 616

Merit: 271

Quote from: Zaguru12 on July 26, 2023, 05:00:51 AM

Quote from: dzungmobile on July 26, 2023, 03:59:57 AM

Finger lock, this is bad.

You are not an intelligent agent so you don't need it. Individually, you need to secure your device and wallet but if you don't plan to die with your bitcoin and nobody will access it after your death, just don't use finger lock.

The bottom line is secure your device, your backups but it should be accessed by your wife, children, loved ones.

Although biometrics isn’t the best of password but using it doesn’t mean your family cannot access your funds later. The only way in which a wallet cannot be accessed is by losing the recovery seed or keys. Once your family get hold of the keys or seeds they will just import them in a wallet on another device and it wouldn’t need any biometric or passcode again

Very apt. If my family has access to my private keys or seeds, they will not have problem access the funds anytime. I have also read someone said using biometric is bad because if it's faulty you need to go phone repair shop which is a risk. Before anyone could use biometrics, there is always a primary lock type.

Quote from: satscraper on July 26, 2023, 10:36:13 AM

Quote from: Charles-Tim on July 26, 2023, 03:13:20 AM

The secure folder is good for other people that are using your phone not to see what you store on it, like files and apps. But malware can still be able to penetrate it and a hacker can be able to steal your coins.

If you want a safer and well secured wallet, go for online ones like a paper wallet, wallet on an airgapped device and hardware wallet like passport for bitcoin.

That hidden memory area that keeps sensitive apps is encrypted, AFAIK. I'm in doubt that malware could decrypt it by itself if password is strong enough, say, having entropy of 128-bit.

Probably malware is capable to penetrate into hidden area when user decrypt it to access apps he needed.

Thanks for mentioning this. I know there is encryption of the memory that holds sensitive apps, but I don't know how it works and that's why I kept mentioning the difficulty level.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: Charles-Tim on July 26, 2023, 03:13:20 AM

The secure folder is good for other people that are using your phone not to see what you store on it, like files and apps. But malware can still be able to penetrate it and a hacker can be able to steal your coins.

If you want a safer and well secured wallet, go for online ones like a paper wallet, wallet on an airgapped device and hardware wallet like passport for bitcoin.

That hidden memory area that keeps sensitive apps is encrypted, AFAIK. I'm in doubt that malware could decrypt it by itself if password is strong enough, say, having entropy of 128-bit.

Probably malware is capable to penetrate into hidden area when user decrypt it to access apps he needed.

Zaguru12

hero member

Activity: 868

Merit: 952

Quote from: dzungmobile on July 26, 2023, 06:38:58 AM

I meant they can not access your coin if they only have that phone, without you, your hands and fingerprints and of course without other accessible wallet backups.

There are other ways to lock your phones like with Pin code and I am still against Biometrics to lock and unlock my phone. The sensor can be broken and you will have to bring your phone to Technical stores to fix it. It contains another risk when you have to handle your phone to a third party.

It will be a bit stupid not actually back up the keys to once funds, not only could your lose it when you die or something happens but you also will lose it when something happens to the device. So I doubt any one will actually have a wallet with backup, Infact that’s the first thing that comes when creating a wallet, except if you’re referring to an exchange account which is not what OP is referring to on this thread.

More so I think almost all biometric authentications are backed up by passcodes. So that should any of your state fears against them (biometrics) arises you can simply just use the passcode

rat03gopoh

hero member

Activity: 2212

Merit: 670

Signature designer - start @$10 - PM me!

Quote from: Zoomic on July 26, 2023, 03:09:51 AM

finger lock.

It's a big problem if you enable it also in the wallet settings, indirectly it's like setting the exact same password for the login credentials of all the accounts present on that device.
I remember some crypto wallets that only require biometric authentication to send funds. In an unconscious state (sleeping, drunk or dead), people around you might take advantage of it to dry your wallet.

aylabadia05

hero member

Activity: 1540

Merit: 772

Quote from: Zoomic on July 26, 2023, 03:09:51 AM

If I get a new Samsung phone and set up the normal password and finger lock. Then, set up the Samsung secure folder and it's password. I now download my wallet inside the Samsung secure folder, how safe is my wallet from hack.
For people who doesn't use android, Samsung secure can be hidden in Samsung phone such that even if you have access to the phone you may never access the secure folder.

Also Redmi android phone also has this feature, like two different operating system running in one phone for security reasons.

It is physically safe when we lose our android because the security settings you have made are good, starting from a secure folder, password to fingerprint. But to guarantee as a whole is still in doubt. First for reasons of malware or viruses that Charles-Tim said.
I am an Android Samsung user and I really feel how users can hide files.
Before using Samsung, I also used the Xiaomi brand Android and had the convenience of saving files.

I think it's not really guaranteed as long as we don't keep backups elsewhere and this way we acknowledge as the only good way.

dzungmobile

sr. member

Activity: 854

Merit: 424

I stand with Ukraine!

Quote from: Zaguru12 on July 26, 2023, 05:00:51 AM

Although biometrics isn’t the best of password but using it doesn’t mean your family cannot access your funds later. The only way in which a wallet cannot be accessed is by losing the recovery seed or keys. Once your family get hold of the keys or seeds they will just import them in a wallet on another device and it wouldn’t need any biometric or passcode again

I meant they can not access your coin if they only have that phone, without you, your hands and fingerprints and of course without other accessible wallet backups.

There are other ways to lock your phones like with Pin code and I am still against Biometrics to lock and unlock my phone. The sensor can be broken and you will have to bring your phone to Technical stores to fix it. It contains another risk when you have to handle your phone to a third party.

Yamane_Keto

hero member

Activity: 406

Merit: 443

According to some reports, Secure Folder encrypts your data, so it is safe from physical attacks, which is represented by a third party accessing and using your phone, and from hackers, as the file inside is encrypted. The problem remains in Do you trust Samsung encryption?
The wallet file is usually encrypted so you add an extra layer of security.

You can get greater security if you add a new layer of encryption to your wallet file, but in general it is better to keep it offline by deleting the wallet file and keeping your wallet seeds words, as the process of restoring an encrypted, deleted, and overwritten wallet file is more difficult.

Zaguru12

hero member

Activity: 868

Merit: 952

Quote from: dzungmobile on July 26, 2023, 03:59:57 AM

Finger lock, this is bad.

You are not an intelligent agent so you don't need it. Individually, you need to secure your device and wallet but if you don't plan to die with your bitcoin and nobody will access it after your death, just don't use finger lock.

The bottom line is secure your device, your backups but it should be accessed by your wife, children, loved ones.

Although biometrics isn’t the best of password but using it doesn’t mean your family cannot access your funds later. The only way in which a wallet cannot be accessed is by losing the recovery seed or keys. Once your family get hold of the keys or seeds they will just import them in a wallet on another device and it wouldn’t need any biometric or passcode again

dzungmobile

sr. member

Activity: 854

Merit: 424

I stand with Ukraine!

Quote from: Zoomic on July 26, 2023, 03:09:51 AM

If I get a new Samsung phone and set up the normal password and finger lock.

Finger lock, this is bad.

You are not an intelligent agent so you don't need it. Individually, you need to secure your device and wallet but if you don't plan to die with your bitcoin and nobody will access it after your death, just don't use finger lock.

The bottom line is secure your device, your backups but it should be accessed by your wife, children, loved ones.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

Quote from: Zoomic on July 26, 2023, 03:44:47 AM

If hacking difficulty of a device without a password is 10%, the difficulty when password is added and maybe additional finger print is added should be upto 15%. According to what you both said, does it mean that having password, finger print and also another password to unhide the secured folder won't make additional difficulty?
I am having an odd feeling about this, even as Zaguru12 mentioned physical hacker just like there are spiritual hackers. Maybe I will have to understand more in this thread.

Physical hack, he meant offline attack. Like those people that you give your phone.

But malware is online and would be able to make a hacker to compromise your wallet. To have more knowledge about malware, try and read about them, especially Trojan horse, rootkit and clipboard. There are more and malware can be combined to illicit attack on devices.

Z-tight

hero member

Activity: 994

Merit: 1089

Quote from: Zoomic on July 26, 2023, 03:44:47 AM

If hacking difficulty of a device without a password is 10%, the difficulty when password is added and maybe additional finger print is added should be upto 15%. According to what you both said, does it mean that having password, finger print and also another password to unhide the secured folder won't make additional difficulty?

An attacker doesn't have to get a hold of your phone locally to attack and steal your funds. A phone password, finger print or pin only protects unauthorized access of people to your device, it does not protect the wallet and keys you have in that device. Take note that BTC is not stored in wallets, but on the network, so as long as you have your keys in any online wallet and use that device to browse and do many stuffs online, the wallet in that device is prone to hack and is not safe.

Zoomic

sr. member

Activity: 616

Merit: 271

Quote from: Charles-Tim on July 26, 2023, 03:13:20 AM

The secure folder is good for other people that are using your phone not to see what you store on it, like files and apps. But malware can still be able to penetrate it and a hacker can be able to steal your coins.

Quote from: Zaguru12 on July 26, 2023, 03:16:53 AM

I would say this is similar to adding passphrase or 2FA to a wallet that has passcode already.

If hacking difficulty of a device without a password is 10%, the difficulty when password is added and maybe additional finger print is added should be upto 15%. According to what you both said, does it mean that having password, finger print and also another password to unhide the secured folder won't make additional difficulty?
I am having an odd feeling about this, even as Zaguru12 mentioned physical hacker just like there are spiritual hackers. Maybe I will have to understand more in this thread.

Z-tight

hero member

Activity: 994

Merit: 1089

Quote from: Zoomic on July 26, 2023, 03:09:51 AM

Also Redmi android phone also has this feature, like two different operating system running in one phone for security reasons.

This feature is not for security reasons, it is for local privacy reasons, that is if you want to hide certain apps from people who have access to your device. Mind you that this feature wouldn't even protect you from a targeted local attack, because it is a very popular feature and the attacker would surey know about it, so you should always encrypt your wallet file.

Needless to say that your wallet isn't safe from hack if you use this feature because any wallet that is online is prone to hack, and your wallet is online. If you want your wallet to be safe from hack you'll have to use it on a completely air-gapped device, or just get a hardware wallet.

Zaguru12

hero member

Activity: 868

Merit: 952

This apparently looks a bit secure to only physical hackers, like some that gets hold of your phone and then possibly has knows your phone lock password, it will hard for him to get access if he doesn’t know the folder password if it is different from the phone lock password. I would say this is similar to adding passphrase or 2FA to a wallet that has passcode already.

But just like Charles-Tim said, it is not secure when the device is faced by malware through phishing, example can be the clipboard malware. Just get a Wallet and back up it’s recovery seeds well

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

The secure folder is good for other people that are using your phone not to see what you store on it, like files and apps. But malware can still be able to penetrate it and a hacker can be able to steal your coins.

If you want a safer and well secured wallet, go for ~~online~~ offline ones like a paper wallet, wallet on an airgapped device and hardware wallet like passport for bitcoin.

Zoomic

sr. member

Activity: 616

Merit: 271

If I get a new Samsung phone and set up the normal password and finger lock. Then, set up the Samsung secure folder and it's password. I now download my wallet inside the Samsung secure folder, how safe is my wallet from hack.
For people who doesn't use android, Samsung secure can be hidden in Samsung phone such that even if you have access to the phone you may never access the secure folder.

Also Redmi android phone also has this feature, like two different operating system running in one phone for security reasons.

Topic: how secured? (Read 278 times)