Pegasus & phone wallets | Bitcointalksearch.org

tiCeR

hero member

Activity: 1666

Merit: 743

Quote from: Charles-Tim on July 27, 2021, 03:15:02 AM

Quote from: tiCeR on July 26, 2021, 05:00:37 PM

It is correct what you are saying, but when I were to ask you to give a guess how much % of cryptocurrency wallet users use a hardware wallet or a wallet on airgrapped device, what would be your guess? I believe that number may not even be double digit. If you take trust wallet as an example, Pegasus should be able to crack that or not?

Spyware is capable of stealing any information on your devices, it can reveal the information on your device to hackers that can steal bitcoin, it can even be beyond only stealing Bitcoin, it can steal anything on ones device.

Trust wallet is even a close source wallet, even if its source code is having malware like spyware, who is going to know than the developers? Nobody. Also spyware can be able to know a lot of activities on you mobile or desktop devices. The best is to just avoid malware which will a lot be helpful. Visit only legit URL, you can have anti-malware for protection, use ad blockers and follow all ways that can protection your device from malware.

But there are massive programs where state authorities have the right to infiltrate mobile devices and laptops via other ways. I read that in Germany there was a discussion that mobile service providers were once suggested to be part of an operation where they infiltrate mobile phones with a state controlled virus at scale. They even wanted to include email providers in that program, but they protested against it and now they found another solution. Mass surveillance is not going to be a Chinese thing only.

michellee

hero member

Activity: 2604

Merit: 816

Play Bitcoin PVP Prediction Game

It could be but that will depend on how you treat your phone wallets by installing unknown software. If you can be careful when you want to install apps, you can prevent spyware from penetrating and stealing your data on your mobile phone.

You can install a bitcoin mobile wallet in the unused mobile phone in your daily so you will not have to worry about that spyware.

Lucius

legendary

Activity: 3108

Merit: 5364

Fortis Fortuna Adiuvat⚔️

Anyone who stores sensitive data on their smartphones without encryption should be concerned about this program, as it is the ultimate spying tool. The program can collect absolutely all information from a mobile phone - so all mobile wallets are endangered, some reports show that infected mobile phones can even display phishing links, which is one of the great dangers for all crypto users.

However, as far as I understand, this software is only used for very specific targets, mostly its victims are politicians and journalists - and it is used by government agencies. But since it has been on the market for years, it is possible that there are some versions that have fallen into the hands of hackers targeting crypto users.

ranochigo

legendary

Activity: 2954

Merit: 4158

I know one of Pegasus's attack method was through an RCE with Whatsapp. It does not require any interaction by the user and can be done stealthily.

Like it or not, all of your devices can be vulnerable in one way or another, either through a backdoor within the hardware/firmware or just a normal program installed. There is absolutely no way you can guarantee anything to be perfectly safe. You can evaluate your risks and secure it in a way that makes it either overly expensive or intrusive to steal your coins.

Tl;dr: Zero day vulnerabilities are always present and exploited. It isn't limited to phones.

20kevin20

legendary

Activity: 1134

Merit: 1597

If you're afraid of the Pegasus wallet, I personally think you should be first afraid of the big corporations who already know much more information about you than you may imagine.

Systems in general have weak points, there will always be vulnerabilities one can exploit. Storing your bucks on a hot wallet is already known as an unsafe bet, and there are alternatives even to these kind of phone exploits. For example, you could buy the cheapest smartphone you can get and use it as a cold wallet of the family. Unless you play with its system by rooting it and flashing custom ROMs, as long as you keep it constantly offline (although devices with WiFi, GSM and Bluetooth modules are never truly offline...) you should be fine.

But again, the change should start from the roots. Linux instead of Windows. Verify executables before actuallyexecuting them. DuckDuckGo or Microsia instead of Google. And so on..

Kakmakr

legendary

Activity: 3388

Merit: 1943

Leading Crypto Sports Betting & Casino Platform

Now that the "Pegasus spyware" are revealed to the public, people will be more vigilant on what they store on their phones. If you just dump a small amount of Crypto on your mobile wallet to buy something to eat or drink .. you will not be targeted. Wink

The Anti-virus companies will also look at methods to detect "Pegasus spyware" and to block or remove it from people's phones. If they do not do that, people will not trust them to secure their mobile devices. Wink

BlackHatCoiner

legendary

Activity: 1344

Merit: 6415

Farewell, Leo

Quote from: hemzer on July 26, 2021, 03:48:57 PM

With the revelation of Pegasus does that mean phone wallets can be compromised so easily?

Well, phone wallets aren't bad because of the security they provide. It has to do with the operating system. For example, Android isn't open source and since everyone uses it, there may be weaknesses that only Google can take care and is aware of. I guess, though, that it wouldn't have any difference if you used it as an airgapped device.

Quote from: tiCeR on July 26, 2021, 05:00:37 PM

It is correct what you are saying, but when I were to ask you to give a guess how much % of cryptocurrency wallet users use a hardware wallet or a wallet on airgrapped device, what would be your guess? I believe that number may not even be double digit. If you take trust wallet as an example, Pegasus should be able to crack that or not?

I'd guess that around 15% of the Bitcoin users use open-source non-custodial wallets. (hardware, paper, airgapped etc)

dkbit98

legendary

Activity: 2212

Merit: 7060

Cashback 15%

Everyone knows that this modern devices called smartphones are more or less spying devices that track everything you do online and track everywhere you move in real life.
Work of a spy and secret agents was made much easier since this devices gained global adoption, and almost everyone have one of them in their hands, or heads 24/7 (bad idea).
Even without Pegasus, you should never 100% trust your smartphone device that runs on google big brother, so I would never recommend anyone keeping large amounts of Bitcoin in mobile wallets.
What people in El Salvador and other parts of the world need is de-googled phone device that is open source and runs on Linux OS, you can then add Bitcoin wallet, vpn, encryption and good password protection.

milani

sr. member

Activity: 1092

Merit: 254

Quote from: hemzer on July 26, 2021, 03:48:57 PM

With the revelation of Pegasus does that mean phone wallets can be compromised so easily?
Not blaming BTC but the security of android as a host system, is so weak?
I know people only carry chump change in them..but in 3rd worlds nations such a El Salvador .. isn't the whole circular economy project based on phone wallets.

Even before Pegasus has been created keeping big amounts of your assets on mobile gadgets has always been really too risky. There are too many apps in your mobile phone that have such an opportunity to steal your data. Of course it depends on the exact gadget, some percentage of wallets like mobile apps have some level of protection, even you may have the 2FA, but nevertheless still it is a really too risky, because if not hacked but you may just lose your phone or it may be broken, and your assets may be lost as well. The best way to keep safely your assets is via cold wallets. Nowadays it is the strongest guarantee. And of course remember about simple rules - be conscious and do not open strange links or whatever you are not sure that it may be safety. And everything will be OK.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: tiCeR on July 26, 2021, 05:00:37 PM

It is correct what you are saying, but when I were to ask you to give a guess how much % of cryptocurrency wallet users use a hardware wallet or a wallet on airgrapped device, what would be your guess? I believe that number may not even be double digit. If you take trust wallet as an example, Pegasus should be able to crack that or not?

Spyware is capable of stealing any information on your devices, it can reveal the information on your device to hackers that can steal bitcoin, it can even be beyond only stealing Bitcoin, it can steal anything on ones device.

Trust wallet is even a close source wallet, even if its source code is having malware like spyware, who is going to know than the developers? Nobody. Also spyware can be able to know a lot of activities on you mobile or desktop devices. The best is to just avoid malware which will a lot be helpful. Visit only legit URL, you can have anti-malware for protection, use ad blockers and follow all ways that can protection your device from malware.

BitMaxz

legendary

Activity: 3206

Merit: 2904

Block halving is coming.

It depends on how you protect your wallet in your phone the pegasus spyware can only access your data if they have rooted access since Android phones are not rooted by default they can't do anything.

I'm using my phone with Knox protection anything apps or files that I want private I put them all in a secured folder protected by Knox and it will disable if someone tries to root the phone but even they get the data from the Knox folder all files are encrypted that they can't easily decrypt.

Based on what I research about Pegasus spyware they can also hijack cameras and mic to monitor your activity but mainly on IOS devices. Most of the affected by this spyware is IOS and a few Android phones.

So it will still depend on you if how you protect your phone from any attacks. Mine I'm using Samsung phone there is a special security feature that you can use called Knox. But not only that you can also disable all sensors to avoid your phone from monitoring, if you are using Samsung you can't find this feature you will need to enable the developer option and look for "sensors off". This will help if someone is spying on you they can't retrieve any data or even use the camera and mic.

boyptc

hero member

Activity: 2940

Merit: 657

★Bitvest.io★ Play Plinko or Invest!

Quote from: hemzer on July 26, 2021, 03:48:57 PM

but in 3rd worlds nations such a El Salvador .. isn't the whole circular economy project based on phone wallets.

Not only for them but for every country where bitcoin is massively accepted. Having phone wallets or installing wallets through your phone is very handy.

You just scan when you're paying bitcoin for any transaction that you're about to do and that's why it's common. But whenever you're going to use a phone wallet, you should only put the amount that you're about to spend.

It's not a good place to store for long term.

tiCeR

hero member

Activity: 1666

Merit: 743

Quote from: Charles-Tim on July 26, 2021, 03:57:05 PM

Comparing wallet types in relation to security weakness:

Hardware wallet, paper wallet and wallets on airgapped devices are safest.
Desktop wallet is still safer because it is not used like phone, if you lose your phone you might lose you funds if compromised by hackers.
Then mobile wallets which is still better than web wallet
The weakest are web wallets.

No wallet will be safe if you do not protect your wallet.

About malware like Pegasus spyware, hardware wallet and wallet on airgapped devices would be resistant to spyware because the seed phrase and keys are completely offline, but the spyware can still spy your activities. But web, mobile and desktop wallets are not all resistant to malware. Protect yourself from malware.

You can start reading some of these topics: Good topics on security and privacy to help protect yourself from malware.

Lastly, know that cold wallet like hardware wallet and wallet on airgapped devices might not be resistant to clipboard and QR code malware. So, make sure the device used to operate your cold wallet is not having malware, also check and recheck the recipient address you are sending to for it not to have changed to a hacker's address.

It is correct what you are saying, but when I were to ask you to give a guess how much % of cryptocurrency wallet users use a hardware wallet or a wallet on airgrapped device, what would be your guess? I believe that number may not even be double digit. If you take trust wallet as an example, Pegasus should be able to crack that or not?

Upgrade00

legendary

Activity: 1988

Merit: 2160

Professional Community manager

It is yet unclear the level of information that could be affected by such a spyware and how one can get compromised, so we cannot say to what extent it can affect your wallet security or if it affects it at all. Every Bitcoin holder should be very conscious about security and should always take precautions to protect themselves

Quote from: hemzer on July 26, 2021, 03:48:57 PM

I know people only carry chump change in them..but in 3rd worlds nations such a El Salvador .. isn't the whole circular economy project based on phone wallets.

This could potentially pose a problem, but it could be solved with the use of airgapoed devices or only keeping little amounts in your hot wallets.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Comparing wallet types in relation to security weakness:

Hardware wallet, paper wallet and wallets on airgapped devices are safest.
Desktop wallet is still safer because it is not used like phone, if you lose your phone you might lose you funds if compromised by hackers.
Then mobile wallets which is still better than web wallet
The weakest are web wallets.

No wallet will be safe if you do not protect your wallet.

About malware like Pegasus spyware, hardware wallet and wallet on airgapped devices would be resistant to spyware because the seed phrase and keys are completely offline, but the spyware can still spy your activities. But web, mobile and desktop wallets are not all resistant to malware. Protect yourself from malware.

You can start reading some of these topics: Good topics on security and privacy to help protect yourself from malware.

Lastly, know that cold wallet like hardware wallet and wallet on airgapped devices might not be resistant to clipboard and QR code malware. So, make sure the device used to operate your cold wallet is not having malware, also check and recheck the recipient address you are sending to for it not to have changed to a hacker's address.

hemzer

jr. member

Activity: 43

Merit: 7

With the revelation of Pegasus does that mean phone wallets can be compromised so easily?
Not blaming BTC but the security of android as a host system, is so weak?
I know people only carry chump change in them..but in 3rd worlds nations such a El Salvador .. isn't the whole circular economy project based on phone wallets.

Topic: Pegasus & phone wallets (Read 153 times)