Old phone as cold storage? | Bitcointalksearch.org

o_e_l_e_o

legendary

Activity: 2268

Merit: 18503

Quote from: bpkdasbaum on March 28, 2023, 06:39:00 PM

Basically you want this:

It's nice, but it's not necessary. The extra protection provided by a steel back up can be replicated with paper by simply having two or more back ups in separate geographical locations.

Quote from: dkbit98 on March 28, 2023, 06:39:01 PM

Most of this can easily be disabled with Airplane mode, so it's not that hard, unless you want to permanently remove them.

As I said higher up in this thread, a software airgap will always be inferior to hardware airgap, and it is near impossible for the average person to actually confirm that airplane mode is preventing their phone from transmitting any data.

Z-tight

hero member

Activity: 826

Merit: 1010

Only BTC

Quote from: Synchronice on March 29, 2023, 04:51:39 AM

Definitely I know we talk about cold wallet. My point is that it's not necessary to take very strict measures if you don't plan to hold it for a very long-term or if you don't plan to hold much bitcoin, that's why I am saying that most people who say that they want cold wallet, will safely keep their funds with hot wallet which happens to be offline at the moment.

Your points are very correct, but you should know that sometimes some people do not plan exactly how long they want to hold, they just start and see what happens, and "much BTC" is subjective, what could you or o_e_l_e_o could afford to lose, may not be what i can for example. And 0.01 BTC may not be so much now, but a hypothetical situation BTC rises to 100k usd in the future, and it now worths something.

So i will think the best thing to do if one cannot get a hardware wallet is to have two wallets on different devices, one a cold storage in all the true senses and the other a hot wallet, it does not matter how long they want to hold the BTC that's in the cold storage, or if they start with 0.001 BTC, but just so they know they have a completely airgapped device that holds their BTC and less chances of vulnerabilities, they can always send funds into cold storage whenever they like, and in the future they could have an attractive portfolio that's safe in their custody.

Synchronice

hero member

Activity: 840

Merit: 756

Watch Bitcoin Documentary - https://t.ly/v0Nim

Quote from: o_e_l_e_o on March 28, 2023, 01:18:25 PM

Quote from: Synchronice on March 28, 2023, 06:04:41 AM

I think that when one has 0.01 bitcoin and wants a secure wallet, hot wallet which happens to be offline at the moment is a normal choice.

Absolutely. I have a hot wallet on my phone which is pretty much online 24/7. I've had such a hot wallet for years, which I've spent from multiple times a week, and I have never been hacked and never lost a single satoshi from it. It's entirely possible to have a safe hot wallet. However, I am under no illusion that such a wallet is by far the riskiest wallet I own and is by far the most likely wallet I own to be hacked or exposed to malware. I only ever keep a small daily spending amount of bitcoin in it (certainly no more than 0.01 bitcoin as you say).

But the discussion here is about cold wallets. The wallet I describe above will never be a cold wallet. A mobile wallet which only goes online once a year is also not a cold wallet. It might be safe so far, but it is never as safe as an actual cold wallet. I could drive for 10 years without ever wearing a seat belt and never suffer any injuries - doesn't make it a good idea.

Definitely I know we talk about cold wallet. My point is that it's not necessary to take very strict measures if you don't plan to hold it for a very long-term or if you don't plan to hold much bitcoin, that's why I am saying that most people who say that they want cold wallet, will safely keep their funds with hot wallet which happens to be offline at the moment.

Quote from: dkbit98 on March 28, 2023, 06:39:01 PM

Quote from: o_e_l_e_o on March 28, 2023, 01:57:41 AM

Maybe so, but there is also WiFi, Bluetooth, RFID, NFC, and other connectivity modules to consider too. Disabling all of them without breaking the phone is difficult. It is far easier to start with an old laptop which does not have the majority of these at all and then just remove the WiFi card.

Most of this can easily be disabled with Airplane mode, so it's not that hard, unless you want to permanently remove them.
Laptop is better for many things, but you can't disable or remove anything unless you have specific models ^{(example old Thinkpads)}, most laptops today (sadly) have almost everything soldered on board.

The problem is that you can't actually trust your Airplane mode on your smartphone, nor on your laptop. I think, there are laptops with motherboards that do not come with built-in Wi-Fi.

bettercrypto

sr. member

Activity: 1288

Merit: 268

★Bitvest.io★ Play Plinko or Invest!

Quote from: Kakmakr on February 07, 2022, 12:45:16 PM

This might sound stupid, but I just thought I mention it.

Imagine you are a thief and you break into someone's house.... What is the first thing you are looking for.... ?

1. Money
2. Notebooks / Tablets
3. Mobile phones
4. Weapons

I think you get what I am pointing to.... A thief will more likely take a phone, than target a hardware wallet. So, it would ..in my opinion.. be better to use a hardware wallet, because not a lot of thieves know about hardware wallets.

Did you "Factory default" the Android device, before you used it for Cold storage?

Usually, in this era, the main target of thieves is always when they break into a house, money and the things you mentioned except for weapons or belongings are always taken.

It seems that in such scenarios, the thief will not think about the hardware wallet, because the first thing the thief knows is that the person he robbed has a hardware wallet. So instead of using the cold storage of the phone, it is still really good to use another trustworthy and recommendable software wallet or hardware wallet.

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: Saint-loup on March 26, 2023, 08:04:42 AM

It's usually not very hard to remove the antenna on smartphones https://www.youtube.com/watch?v=ICV7vPF9mPE

It's even more easier to do it if you have modular smartphone like Fairphone, they can be totally disassembled to parts, including antenna.

Quote from: Saint-loup on March 26, 2023, 08:04:42 AM

But if you can't do it you can destroy/damage the SIM card slot in order to avoid someone from your home or a burglar to use it. And if you can't easily access it on your phone, you can just put some glue into it.

That might not be enough with new smartphones, because most of them have eSIM that can be downloaded and installed, so there is no physical card slow to glue.
Even worse news are coming from Apple who are planning to fully remove card slot and use only eSIM in future.
If Apple really starts doing it, than you know most other brands will follow like always.

Quote from: o_e_l_e_o on March 28, 2023, 01:57:41 AM

Maybe so, but there is also WiFi, Bluetooth, RFID, NFC, and other connectivity modules to consider too. Disabling all of them without breaking the phone is difficult. It is far easier to start with an old laptop which does not have the majority of these at all and then just remove the WiFi card.

Most of this can easily be disabled with Airplane mode, so it's not that hard, unless you want to permanently remove them.
Laptop is better for many things, but you can't disable or remove anything unless you have specific models ^{(example old Thinkpads)}, most laptops today (sadly) have almost everything soldered on board.

bpkdasbaum

newbie

Activity: 8

Merit: 14

Phones are a really bad choice for cold storage.

They are always connected to cell network/tower and internet. Ever noticed how you can do an emergency call without a sim card? That connection potentially works backwards via backdoors as well.
Police can access your phone and listen in without you knowing. If they can, so can potentially other unwanted parties. Doing anything crypto related on your phone open you up for attack.

There is also risk of chip/battery failure. Even USB devices need to be reactivated every 1-2 years, otherwise they won't hold enough charge to keep the memory alive, which leads to data loss.
You mentioned cold storage, i assume that will be long term, so anything electrial is a no.

For cold storage you want to store your seed words (ideally encrypted) in something

- indestructible
- fireproof 1400°C (a house fire is around 1100°C)
- waterproof
- corrosion proof
- shock proof
- earthquake proof

Basically you want this:

https://i.etsystatic.com/41503409/r/il/689efd/4813988559/il_1588xN.4813988559_fcds.jpg
Picture taken from here: https://www.etsy.com/listing/1434977816

More information on that topic here:

https://jlopp.github.io/metal-bitcoin-storage-reviews/
https://incoherency.co.uk/blog/stories/diy-cryptosteel-capsule.html
http://bulletproofbitcoin.com/
https://blog.lopp.net/a-treatise-on-bitcoin-seed-backup-device-design/
https://www.econoalchemist.com/post/backup
https://blockmit.com/english/guides/diy/make-cold-wallet-washers/
https://bitcointalksearch.org/topic/securing-your-seed-phrase-with-washers-5389446

o_e_l_e_o

legendary

Activity: 2268

Merit: 18503

Quote from: Synchronice on March 28, 2023, 06:04:41 AM

I think that when one has 0.01 bitcoin and wants a secure wallet, hot wallet which happens to be offline at the moment is a normal choice.

Absolutely. I have a hot wallet on my phone which is pretty much online 24/7. I've had such a hot wallet for years, which I've spent from multiple times a week, and I have never been hacked and never lost a single satoshi from it. It's entirely possible to have a safe hot wallet. However, I am under no illusion that such a wallet is by far the riskiest wallet I own and is by far the most likely wallet I own to be hacked or exposed to malware. I only ever keep a small daily spending amount of bitcoin in it (certainly no more than 0.01 bitcoin as you say).

But the discussion here is about cold wallets. The wallet I describe above will never be a cold wallet. A mobile wallet which only goes online once a year is also not a cold wallet. It might be safe so far, but it is never as safe as an actual cold wallet. I could drive for 10 years without ever wearing a seat belt and never suffer any injuries - doesn't make it a good idea.

Synchronice

hero member

Activity: 840

Merit: 756

Watch Bitcoin Documentary - https://t.ly/v0Nim

Quote from: pooya87 on January 04, 2023, 01:48:05 AM

The thing about smart phones is that they are designed to to be connected to some sort of network through different means, with or without SIM. A PC on the other hand is not designed that way and the steps you need to take to make it truly airgap are very simple and short. Your PC doesn't have an antenna by default, it doesn't have Bluetooth by default, or network card or a connected network cable, etc. all of which your phone already has.

Do you trust modern hardware? What if there is a tiny secret wireless transmitter? You'll never know, maybe modern hardwares come with advanced spying components, who knows?

Maybe it sounds crazy but to be honest, I would trust old 2000-2008's device more than 2023's devices. I think that when it was a new thing, priority was to develop this technology and they rarely thought about spying through it. You can pretty much create a bitcoin wallet on old computers.

Quote from: o_e_l_e_o on March 28, 2023, 01:57:41 AM

Quote from: hZti on March 27, 2023, 03:55:32 PM

If you use the smartphone/ tablet as cold storage, I dont see an issue if it will by mistake connect to the internet at some point. Yes it is not the best that can happen, but it will not automatically download a bitcoin specific virus, that cracks your encrypted wallet in no time. Seems a little bit to paranoid to me.

Well then you no longer have a cold wallet. You now have a hot wallet which happens to be offline at the moment.

The whole point of staying 100% airgapped is to mitigate other risks that are harder or impossible to protect against. Are you 100% sure there is no malware lurking on your device already? Are you 100% sure your device won't be targeted when you go online? Have you completely audited every piece of hardware and every single line of code in your device prior to using it? The answer to all of these is no. But if you can stay 100% airgapped at all times, then any such vulnerabilities will have a much harder time trying to steal your coins.

I think that when one has 0.01 bitcoin and wants a secure wallet, hot wallet which happens to be offline at the moment is a normal choice. If you are a person who regularly downloads pirate softwares, games, visits suspicious websites that are full of spam advertisements and so on, then you definitely need to use cold wallet even for the low amount of bitcoins.
If you are a regular user who somehow happens to have Google Pixel smartphone and 0.01 bitcoin into it's electrum wallet and only uses Facebook, Youtube, Netflix, Twitter, Reddit and Amazon apps, I genuinely believe no one will take a single satoshi from your wallet, even if we both agree that modern hardwares and softwares spy on us.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18503

Quote from: Saint-loup on March 26, 2023, 08:04:42 AM

It's usually not very hard to remove the antenna on smartphones

Maybe so, but there is also WiFi, Bluetooth, RFID, NFC, and other connectivity modules to consider too. Disabling all of them without breaking the phone is difficult. It is far easier to start with an old laptop which does not have the majority of these at all and then just remove the WiFi card.

Quote from: hZti on March 27, 2023, 03:55:32 PM

If you use the smartphone/ tablet as cold storage, I dont see an issue if it will by mistake connect to the internet at some point. Yes it is not the best that can happen, but it will not automatically download a bitcoin specific virus, that cracks your encrypted wallet in no time. Seems a little bit to paranoid to me.

Well then you no longer have a cold wallet. You now have a hot wallet which happens to be offline at the moment.

The whole point of staying 100% airgapped is to mitigate other risks that are harder or impossible to protect against. Are you 100% sure there is no malware lurking on your device already? Are you 100% sure your device won't be targeted when you go online? Have you completely audited every piece of hardware and every single line of code in your device prior to using it? The answer to all of these is no. But if you can stay 100% airgapped at all times, then any such vulnerabilities will have a much harder time trying to steal your coins.

Saint-loup

legendary

Activity: 2590

Merit: 2348

Quote from: hZti on March 27, 2023, 03:55:32 PM

If you use the smartphone/ tablet as cold storage, I dont see an issue if it will by mistake connect to the internet at some point. Yes it is not the best that can happen, but it will not automatically download a bitcoin specific virus, that cracks your encrypted wallet in no time. Seems a little bit to paranoid to me.

I agree with you but if you are storing several Bitcoins into your device, you will want to be protected against the risk that a malware could be waiting somewhere into your OS and would be able to send your seed to someone else as soon as your device is connected to internet, even briefly. The topic is about replacing a hardware wallet by an old smartphone, so you can't tolerate this kind of flaw.

hZti

hero member

Activity: 938

Merit: 642

Magic

If you use the smartphone/ tablet as cold storage, I dont see an issue if it will by mistake connect to the internet at some point. Yes it is not the best that can happen, but it will not automatically download a bitcoin specific virus, that cracks your encrypted wallet in no time. Seems a little bit to paranoid to me.

Saint-loup

legendary

Activity: 2590

Merit: 2348

Quote from: NeuroticFish on January 03, 2023, 06:21:10 AM

Quote from: pooya87 on January 03, 2023, 12:22:09 AM

and phones are extremely hard to made truly air-gap

I keep seeing people telling that phones are hard to airgap and.. sorry, but I'm not convinced.

* one can remove the SIM then mobile internet will no longer be used
* one can turn off NFC (if available); however, not a great attack vector
* one can turn off Bluetooth and go airplane mode; however, not a great attack vector unless 100% targeted
* one can remove/forget all known Wi-Fi SSIDs and set the phone not connect to any other/unprotected SSID

One very good argument is that a burglar will most probably steal that smartphone even if it's older, put a SIM in it and turn everything on, making indeed phones somehow risky for cold storage.
Another very good argument is that somebody in the house would do exactly that too (put a SIM in) because of not knowing it's a "special use" phone.

But all this can easily happen with a laptop too (stealing or plugging in a network cable). And let's not compare online securit between old laptops and old phones because both are bad and also dependent of owner's skills in setting them up.

It's usually not very hard to remove the antenna on smartphones https://www.youtube.com/watch?v=ICV7vPF9mPE
But if you can't do it you can destroy/damage the SIM card slot in order to avoid someone from your home or a burglar to use it. And if you can't easily access it on your phone, you can just put some glue into it. It is very unlikely that the burglar will manage to fix it on the same day as the thief. So it would leave enough time to transfer your funds elsewhere.
But IMO it's simpler to use a tablet only offering a Wifi connection and to deactivate it in your OS or to physically remove the antenna.
There are maybe some Android GPS with no network connection able to run the Electrum app too.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18503

Quote from: NeuroticFish on January 03, 2023, 04:46:31 PM

Maybe a bit paranoid, but not too much.

That's what I aim for. Tongue

Quote from: Lida93 on January 06, 2023, 01:13:33 AM

If someone should decide to use an Android phone wether old or new make for cold storage then it's expected that the person should have a secure hidden place place that by chance still wouldn't come to the thought of a burglar that anything of value like a phone could be placed there not to talk of a phone used as cold storage.

If you are planning to physically hide your wallet as a main part of your security set up, then a phone is bulky and difficulty to hide. Compare to some of the much smaller hardware wallets which are on the market, or to just a simple sheet of paper with a seed phrase written down. Not only are both a good airgapped hardware wallet or a properly set up paper back up easier to hide than a phone, they are also more "cold" than a phone could ever be.

Lida93

hero member

Activity: 728

Merit: 512

Quote from: NeuroticFish on January 03, 2023, 06:21:10 AM

Quote from: pooya87 on January 03, 2023, 12:22:09 AM

and phones are extremely hard to made truly air-gap

One very good argument is that a burglar will most probably steal that smartphone even if it's older, put a SIM in it and turn everything on, making indeed phones somehow risky for cold storage.
Another very good argument is that somebody in the house would do exactly that too (put a SIM in) because of not knowing it's a "special use" phone.

If someone should decide to use an Android phone wether old or new make for cold storage then it's expected that the person should have a secure hidden place place that by chance still wouldn't come to the thought of a burglar that anything of value like a phone could be placed there not to talk of a phone used as cold storage.
Like every home has some spot's where no one would ever believe that something of value could be kept there not even a member of the house either.

pooya87

legendary

Activity: 3402

Merit: 10424

The thing about smart phones is that they are designed to to be connected to some sort of network through different means, with or without SIM. A PC on the other hand is not designed that way and the steps you need to take to make it truly airgap are very simple and short. Your PC doesn't have an antenna by default, it doesn't have Bluetooth by default, or network card or a connected network cable, etc. all of which your phone already has.

NeuroticFish

legendary

Activity: 3500

Merit: 6205

Looking for campaign manager? Contact icopress!

Quote from: o_e_l_e_o on January 03, 2023, 04:10:46 PM

Even the NSA have admitted they can still track phones which are in airplane mode, so your phone must still be sending and receiving some data.

Of course, its telephony can see what antennas are around in order to send SOS calls, which can be done without SIM. NSA can find out what antennas the phone was interogating and triangulate/approximate the position.

And if NSA wants to get in your devices, the old phone you start now and then to sign transactions is your smallest problem Cheesy

But I don't deny it you have a point. Maybe a bit paranoid, but not too much.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18503

Quote from: Ryker1 on January 02, 2023, 06:48:30 PM

As they said --air-gapped smartphones are much safer than the air-gapped PC which are vulnerable to hacking, did you know that even fully air-gapped PC can exfiltrate information through the output radio signals generated by the computer or call ^{[electromagnetism]}.

If someone knows enough about your set up to make you a target for such an attack, can gain access to your airgapped computer, bypassing all physical and all electronic protections you have in place in order to install the necessary malware to start transmitting your private keys via modulating electrical signals in various internal components, as well as bugging your house with the necessary hardware in order to pick up and transmit those signals, then every single wallet you own is at risk (not to mention literally everything that you own). Such attacks are almost entirely theoretical.

Quote from: NeuroticFish on January 03, 2023, 06:21:10 AM

I keep seeing people telling that phones are hard to airgap and.. sorry, but I'm not convinced.

I will never trust a software airgap (i.e. a phone with airplane mode turned on or WiFi turned off) as much as I will trust a hardware airgap (i.e. a computer with no WiFi card). It is almost trivial to open up a computer and remove the WiFi card, ethernet card, etc., while it is almost impossible to remove the antenna, WiFi, Bluetooth, NFC, RFID, etc. from your average smart phone without breaking it in the process. And how does the average person verify that airplane mode is doing what you want it to be doing. Even the NSA have admitted they can still track phones which are in airplane mode, so your phone must still be sending and receiving some data.

NeuroticFish

legendary

Activity: 3500

Merit: 6205

Looking for campaign manager? Contact icopress!

Quote from: BlackHatCoiner on January 03, 2023, 01:02:32 PM

Another argument is that a burglar is unlikely to expect you to use a smartphone for a cold storage. If he sees a phone to steal, the steps he'll do later are pretty much known. Reset, and sold to some stranger for a ridiculously low price.

This can be a good point indeed: basically hiding the cold storage in plain sight.

Quote from: BlackHatCoiner on January 03, 2023, 01:02:32 PM

Also, as said, you can use a password to encrypt everything.

True, this part I forgot about.

Quote from: BlackHatCoiner on January 03, 2023, 01:02:32 PM

The best argument for not using a smartphone as cold storage, is that desktop wallet software such as Bitcoin Core and Electrum are simply more tested, and are consisted of a bigger community. Another good argument, is that a linux distro is far more tested than a smartphone OS.

This is a good argument. Still, this doesn't make the cold storage unsafe per se, especially since the wallet seed has backups.

BlackHatCoiner

legendary

Activity: 1344

Merit: 6415

Farewell, Leo

Quote from: NeuroticFish on January 03, 2023, 06:21:10 AM

Another very good argument is that somebody in the house would do exactly that too (put a SIM in) because of not knowing it's a "special use" phone.

Another argument is that a burglar is unlikely to expect you to use a smartphone for a cold storage. If he sees a phone to steal, the steps he'll do later are pretty much known. Reset, and sold to some stranger for a ridiculously low price. Also, as said, you can use a password to encrypt everything.

The best argument for not using a smartphone as cold storage, is that desktop wallet software such as Bitcoin Core and Electrum are simply more tested, and are consisted of a bigger community. Another good argument, is that a linux distro is far more tested than a smartphone OS.

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: adaseb on January 02, 2023, 02:41:30 PM

I don't think a mobile phone will ever be considered good cold storage, ever. The issue is that unlike an old laptop which you can take apart and remove the BlueTooth/Wifi chips, you cannot do this to a mobile phone.

This is true for most smartphones but there are certain modular models like Fairphone and you can open them very easy and replace or remove almost anything you want.
After removing antenna and all the other things you don't need (maybe microphone) you could also put phone in airplane mode just to be sure.
I would never buy and use Iphone as cold storage, but there are phones with secure storage and some people are working on fully open source phones.
It's not my first choice to use phones as scold storage, but it's possible to do it.

Topic: Old phone as cold storage? (Read 938 times)