Lost smartphone with Coinomi wallet and private keys?

STT

legendary

Activity: 4088

Merit: 1452

Quote from: bob123 on March 20, 2021, 05:43:18 AM

That's a tough question.
The storage is encrypted, by default.

I have a really old phone from 2011 era that was never updated. Can I access this easily to back it up now. Its obviously old and failing and I want to be able to use the files as a virtual android phone or something similar if possible. I did figure this is the one thing in my favor that security will be poor for such an old phone and I can just backup/view the old files quite easily.
Anyone know the best route/software to take in order to do this, the battery on this thing is quite terminal so its only getting worse. Can I just copy across the files/directories and thats enough to later recover the program data, I have no interest in plain documents etc.

BitMaxz

legendary

Activity: 3374

Merit: 3095

Playbet.io - Crypto Casino and Sportsbook

Quote from: libert19 on December 15, 2021, 12:32:45 AM

^ FYI, you can setup both password and fingerprint simultaneously plus with applock you can lock Coinomi app access itself.

Most use screenlock on phone, so it makes multiple security layers before someone can transact your funds (unless app itself is compromised, ofc).

Actually, phones right now can easily bypass those passwords or fingerprints if you have tools that are mostly used by phone technicians like the eMMC jtag tool then they can easily bypass it or directly download all data from Nand IC or eMMC.

However, I don't know how Coinomi encrypt all those private keys if the phone technician knows about crypto and have knowledge about brute force attack then there is a possibility that they can extract the private keys from the data that they downloaded from Nand IC or eMMC.
Everything is possible in software but I don't think that random people who picked up the phone have knowledge about crypto or brute force attack or even extract those files from Nand or eMMC using Jtag tools it can't be easy to do. So that random people have 0 chance to extract the private key from the lost phone except for phone tech with knowledge about crypto and brute-forcing.

libert19

hero member

Activity: 2520

Merit: 952

^ FYI, you can setup both password and fingerprint simultaneously plus with applock you can lock Coinomi app access itself.

Most use screenlock on phone, so it makes multiple security layers before someone can transact your funds (unless app itself is compromised, ofc).

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: Charles-Tim on November 03, 2021, 06:26:16 AM

Quote from: Jawadu on September 24, 2021, 02:38:36 PM

You should use Biometric security to protect your phone so that no one can access it but only yourself

Password is safer as DaveF commented, if only password is used, can the wallet also be accessed if the password is unknown, it will be difficult. Also what if you are sleeping and someone that is close to you make use of your finger to be unlocking your phone, apps including your wallet to compromise it. Biometry can be good for easy access, but not as secure as passwords.

Do not even have to be sleeping. If you are out drinking or whatever, and (being sexist here deal with it) those attractive women at the end of the bar come over to talk to you it's going to be easier for them to get you to unlock your phone so they can 'put their info into it' or to get you to take a picture then it is to have you enter the password 87g7w458w%Y$W!(SERGdvf

Also, on that note. I am surprised that more apps don't have geo fencing on them. Yes you can unlock you wallet with a fingerprint. But you have to be at home to do it kind o thing. There is at least 1 BMS app that I know of that you can only connect to the controller if you are in the area. Surprised more apps / things don't do that. Or if they do exist I have not seen them.

-Dave

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

Quote from: Jawadu on September 24, 2021, 02:38:36 PM

If someone gets access to your Coinomi wallet it's obvious that he/she will have access to your private keys without any difficulties too.

Getting access to the private key will require tools like Iancoleman as private key can not be gotten directly from Coinomi, correct me if wrong. But the seed phrase can easily be revealed directly on the wallet which is enough for another person to steal the bitcoin and all altcoins leaving the wallet compromised.

Quote from: Jawadu on September 24, 2021, 02:38:36 PM

You should use Biometric security to protect your phone so that no one can access it but only yourself

Password is safer as DaveF commented, if only password is used, can the wallet also be accessed if the password is unknown, it will be difficult. Also what if you are sleeping and someone that is close to you make use of your finger to be unlocking your phone, apps including your wallet to compromise it. Biometry can be good for easy access, but not as secure as passwords.

Quote from: Jawadu on September 24, 2021, 02:38:36 PM

Also do not forget to save your private key somewhere safe aside from your phone,

Yes, but while private key which you cannot get directly from Coinomi, you can save the 24 words passphrase offline and having like three copies at least in different locations.

Quote from: Jawadu on September 24, 2021, 02:38:36 PM

if you have two email Ids maybe gmail and outlook then you can send it from your one email to another so that you can have it forever in your two emails.

If your email is compromised, then your seed phrase or the backup is revealed whcih can be used to compromise your wallet and lead to coins stolen.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: Jawadu on September 24, 2021, 02:38:36 PM

...
If someone gets access to your Coinomi wallet it's obvious that he/she will have access to your private keys without any difficulties too. You should use Biometric security to protect your phone so that no one can access it but only yourself....

Never ever ever rely on biometic security. There have been many vulnerabilities found over the years. And more keep popping up.
A long c0MpL3x password is the only way to go.
Now, also if you never keep more then $50 in your phone wallet, then you probably care less then if you keep $5000
It's a matter of time and effort vs. security vs. possible loss.

https://marketresearchtelecast.com/face-id-ios-15-removes-weaknesses-in-apples-face-recognition/161163/
https://www.cs.tufts.edu/comp/116/archive/fall2017/sdevanahalli.pdf
https://www.komando.com/security-privacy/samsung-fingerprint-vulnerability/773497/

-Dave

Jawadu

jr. member

Activity: 222

Merit: 8

Bounty Campaign Manager

Quote from: zxbit on March 15, 2021, 07:01:28 AM

If someone will get access to my Coinomi wallet on Android 10 they can get access to my private keys? I mean if this someone have understanding of situation and get access full hardware access to my Android 10 smartphone storage.

If someone gets access to your Coinomi wallet it's obvious that he/she will have access to your private keys without any difficulties too. You should use Biometric security to protect your phone so that no one can access it but only yourself. Also do not forget to save your private key somewhere safe aside from your phone, if you have two email Ids maybe gmail and outlook then you can send it from your one email to another so that you can have it forever in your two emails.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

Quote from: The Sceptical Chymist on April 18, 2021, 09:39:52 AM

Coinomi would be such a fantastic wallet if only its code were open-source. I've never had any problems with them, but I can't say it doesn't make me just a little bit nervous knowing that the code hasn't been reviewed by any independent parties. I guess I could say the same thing about Ledger, too.

One thing about Ledger nano is that its secure element which it is using to generate and store seed phrase is close source, it is operated with an extension like the ledger live or wallet like electrum which is open source, some people still believe it can be trusted because of that, unlike wallets that spyware or other vulnerabilities can be introduced. But, also still very possible the secure element can have vulnerability in which predetermined seed phrase can be generated, that is why open source hardware wallet like Trezor is still better, but with the use of passphrase in case of physical theft.

The Sceptical Chymist

legendary

Activity: 3500

Merit: 6981

Top Crypto Casino

Quote from: bitmover on March 15, 2021, 08:29:40 AM

If this person can unlock your phone and open your Coinomi app, he can just open the App and view the seed. This can be done at anytime using coinomi.

This is why I don't store any crypto on my phone anymore, and I used to use Coinomi and Electrum for Android. I tend to be a bit careless as far as keeping my phone secure, and if I had lost my phone when I had those wallets someone could certainly have taken all the funds off of them (not that I ever kept a huge amount on my phone). I figured that it's just too damn easy to lose your phone that I didn't want to take a chance and quit using mobile wallets altogether.

Quote from: Charles-Tim on March 15, 2021, 07:23:13 AM

but is one of the best close source wallet

Coinomi would be such a fantastic wallet if only its code were open-source. I've never had any problems with them, but I can't say it doesn't make me just a little bit nervous knowing that the code hasn't been reviewed by any independent parties. I guess I could say the same thing about Ledger, too.

gentaap01

newbie

Activity: 8

Merit: 0

And if you didn't set that bip39 pass it's just a matter of days to get yoyr keys

libert19

hero member

Activity: 2520

Merit: 952

Did you set up password while setting up wallet? If yes, they can't get to your seed without password.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: zxbit on March 15, 2021, 07:01:28 AM

If someone will get access to my Coinomi wallet on Android 10 they can get access to my private keys?

If they gain access to your coinomi wallet, i.e. access to the wallet application on your device? Then definitely, yes.

Quote from: zxbit on March 15, 2021, 07:01:28 AM

I mean if this someone have understanding of situation and get access full hardware access to my Android 10 smartphone storage.

That's a tough question.
The storage is encrypted, by default.

If you have an older model, some vulnerabilities might exist which allows to extract the master key.
If the device is running (and decrypted) when someone gains access to it (i.e. it is booted and has been unlocked once by you), then a cold-boot attack might be possible where the whole device is cooled down, memory extracted and then directly accessed.
The latter one is a sophisticated attack and not achievable for a random person.

In general i'd say you are fine if the mobile is turned off. If it was turned on, the risk is higher but still low enough to not completely freak out if you don't store tons of crypto on it.
Definitely make sure to never use these keys again tho and move your funds away as soon as possible.

Don't store more money on a mobile wallet than you would carry with you in cash, and you are fine.

bL4nkcode

copper member

Activity: 2142

Merit: 1305

Limited in number. Limitless in potential.

Quote from: zxbit on March 15, 2021, 07:01:28 AM

If someone will get access to my Coinomi wallet on Android 10 they can get access to my private keys?

Possible, but as for the technology used in coinomi wallet, hackers won't mind getting your private keys, they just need your recovery seed in able them to access your funds, which can be access on your coinomi account. Only possible if you didn't set a security to coinomi app.

In case of phone lost, import your recovery seed to a new installed coinomi app and transfer your funds to a new wallet asap to avoid lossing funds.

bitmover

legendary

Activity: 2352

Merit: 6089

bitcoindata.science

Quote from: zxbit on March 15, 2021, 07:01:28 AM

If someone will get access to my Coinomi wallet on Android 10 they can get access to my private keys? I mean if this someone have understanding of situation and get access full hardware access to my Android 10 smartphone storage.

If this person can unlock your phone and open your Coinomi app, he can just open the App and view the seed. This can be done at anytime using coinomi.

If you believe someone might have done something like that, you should straight away move your coins to a new Coinomi wallet, with a fresh new Seed.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

First of all, I will like you to know that Coinomi is now a close source wallet some years back, but is one of the best close source wallet, although close source wallet can not be trusted nor recommendable. I was using Coinomi before and so conversant with ways to protect my wallet if my mobile phone or device is stolen.

1. The first layer of protection is to password your phone, anytime you want to use your phone, it will need the password.
2. The second layer of protection is to password Coinomi wallet itself, anytime you want to open the wallet, it will ask for the Coinomi password.
3. The third layer of protection is to encrypt your wallet with a password in a way anytime you want to spend from Coinomi wallet, you will need to input the password.

Note: Never store your seedphrase, passphrase and passwords on device, having it offline is better.

zxbit

jr. member

Activity: 60

Merit: 1

Looks like Android 9, 10 has encrypted storage by default. This is good news.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: zxbit on March 15, 2021, 07:01:28 AM

If someone will get access to my Coinomi wallet on Android 10 they can get access to my private keys? I mean if this someone have understanding of situation and get access full hardware access to my Android 10 smartphone storage.

It's possible but he would need to unlock and break your phone password (if you have it like you should) and break password for your Coinomi wallet, than he could in theory extract your private keys.
Always have good password protection and enable phone encryption in settings, but I would never keep a lot of coins on mobile it should be more as a pocket money.
In case you lose your phone you should import keys to other wallet and send funds to other wallet address asap.

zxbit

jr. member

Activity: 60

Merit: 1

If someone will get access to my Coinomi wallet on Android 10 they can get access to my private keys? I mean if this someone have understanding of situation and get access full hardware access to my Android 10 smartphone storage.

Topic: Lost smartphone with Coinomi wallet and private keys? (Read 275 times)