Topic: [Warning] About Coinomi - page 2. (Read 2147 times)

full member
Activity: 238
Merit: 100
December 14, 2017, 10:05:34 AM
#34
Oh, good that you made us aware, thanks for that. I was about to set up a wallet, but won't go this route now. Also I don't like this unprofessional behavior; they should rather be thankful to this developer because he made them aware of a security risk. I don't understand some people.
full member
Activity: 406
Merit: 109
December 14, 2017, 09:56:11 AM
#33
Was this ever resolved?

Just heard about Coinomi and was wanting to try it out.
legendary
Activity: 2758
Merit: 6830
October 08, 2017, 11:50:41 AM
#32
As I understood right, the issue is fixed now, isn't it? Or should we move our coins away from old addresses?
I don't think so. Doesn't look like Coinomi thinks this is a security issue - just like what happened with Jaxx a few months ago. They even changed the title of the issue from "Security Vulnerability: Coinomi transmits all data in plain text" to "Coinomi transmits all data in plain text".

We never lied, there isn't any security implication associated with your findings. And we haven't ignored you so please stop making this personal. Unless you have something constructive to add to this, this thread will be locked.

If you feel uncomfortable with the way Coinomi inquires the blockchains you may as well use a VPN service (there are several good solutions for Android) until SSL is included in a feature release.
hero member
Activity: 909
Merit: 508
October 07, 2017, 03:54:54 PM
#31
As I understood right, the issue is fixed now, isn't it? Or should we move our coins away from old addresses?
sr. member
Activity: 2618
Merit: 439
October 07, 2017, 11:58:24 AM
#30
We are going to make an official announcement as to what really happened here once our investigation is through, thank you.

Ok fair enough. You should make it official so that all these questions about the vulnerability of your wallet could be addressed. It's been what, more than 2 weeks now since the report has been reported and we haven't seen any reply from you guys. You can't just go here and post:

We put Coinomi to the test and found that connections to the back-end servers are secured with SSL.

I like Coinomi. But don't let this issue ruin your reputation. At least an official statement will be enough for your users and potential users. So the feeling of doubt about your services can be cleared.
Agreed. Until the issue is fixed and has been confirmed by other users, I will still not be getting your wallet. A lot has been discussed about the issue, not only here but in the Twitter sphere and Reddit. An official statement coming from you guys will quell all fears about your wallet. And please inform as well the individual who found the vulnerability and let him do another testing run so that there's no doubt that the issue is fixed already.
legendary
Activity: 3080
Merit: 1353
October 07, 2017, 11:51:14 AM
#29
We are going to make an official announcement as to what really happened here once our investigation is through, thank you.

Ok fair enough. You should make it official so that all these questions about the vulnerability of your wallet could be addressed. It's been what, more than 2 weeks now since the report has been reported and we haven't seen any reply from you guys. You can't just go here and post:

We put Coinomi to the test and found that connections to the back-end servers are secured with SSL.

I like Coinomi. But don't let this issue ruin your reputation. At least an official statement will be enough for your users and potential users. So the feeling of doubt about your services can be cleared.
newbie
Activity: 52
Merit: 0
October 07, 2017, 11:42:46 AM
#28
We are going to make an official announcement as to what really happened here once our investigation is through, thank you.
full member
Activity: 392
Merit: 102
October 05, 2017, 06:26:35 PM
#27
We put Coinomi to the test and found that connections to the back-end servers are secured with SSL.

I don't know if this is an official response, but if it is... great that you've updated to SSL. However, this has moved way beyond the SSL issue and is more about the response to the potential security issue. You probably should huddle up as a leadership team and figure out how to recover from the disaster your social team created.
newbie
Activity: 52
Merit: 0
October 05, 2017, 04:32:50 PM
#26
We put Coinomi to the test and found that connections to the back-end servers are secured with SSL.
hero member
Activity: 2912
Merit: 556
October 01, 2017, 04:17:16 AM
#25
I hope the dev will fix the problem so we can keep using the wallet. It's too bad to hear this news because I save the coins in Coinomi, and thank you for giving this info. I am thinking of moving my coins into another wallet if there is not any update from the dev. But I realize there is no guarantee that any wallet will be 100% secure.
full member
Activity: 504
Merit: 107
A non technical guy in a technical world
September 30, 2017, 10:05:31 PM
#24
Well, this is not good news. I hope they get it fixed. Coinomi is where my first wallets are from, still have them too.
legendary
Activity: 966
Merit: 1042
September 30, 2017, 10:02:43 PM
#23
Quote
"This has privacy issues, meaning I can view all of your addresses and see how many coins you have, which addresses you're sending them to and which addresses you received them from.

It could also potentially open you up to a replay attack. E.g. I ask you to pay me 1 BTC. I run a man in the middle attack meaning all your requests go through a computer I control before getting to Coinomi (this is possible because they aren't using SSL). I can then choose to stop the payment getting through. I say, I didn't get the payment. You can verify on the blockchain and in your client that the payment really hasn't gone through. You send it again and I receive the payment. Then at a later date I can re-send the original payment I captured which is still a valid transaction and I will receive another payment of 1 BTC."

Woah that just blew my mind. I had no idea man-in-the-middle attacks could even happen with bitcoin transactions! Holy crap this is like getting DDOSed right at the wrong moment to screw you over and steal your bitcoins.
sr. member
Activity: 868
Merit: 259
September 30, 2017, 09:50:46 PM
#22
Have you found some reliable alternatives for it? Because I found Coinomi after searching a lot.

You have Exodus, which supports multiple coins as well, but they only work on desktop for the moment, and there is Jaxx, which you have probably heard of before, but they also faced a hack in the past (I believe private keys are stored in their servers), but they support phones, so it's up to you.

No, they are putting the Jaxx hack out of context. It could be the person who reported it transferred his own funds to another wallet and claimed he was hacked. In fact the report was questionable because it was made right after the discovery that your Jaxx seeds could be extracted in plain text.

The private keys are not stored in their servers. Please read up on it before you post. It's easy.
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
September 30, 2017, 05:49:26 PM
#21
Oh, that's very unprofessional PR. But as I understand, this is only a privacy issue and our coins are safe, because only bitcoin addresses, not private keys, are broadcast over the network. But it must be fixed.
Coinomi was my favourite wallet for Android, because they support many coins, not like Jaxx or Exodus. I hope this privacy issue will be fixed, because I don't see any good alternatives for Coinomi.
legendary
Activity: 2758
Merit: 6830
September 30, 2017, 10:59:52 AM
#20
Nah, I don't want to use Jaxx; have heard about it before, no point in switching to a wallet already with a history of hacks. Would check out Exodus. Thanks.
Don't. Exodus is equally prone to all those vulnerable hacks and certainly doesn't belong in the category of 'Safe Wallets'.
Why? AFAIK Jaxx's only major issue was the possibility of extraction of the seed that was stored decrypted. But keep in mind that even if that's a major issue, this can only be explored if someone got access to your phone and can break through your lock screen. While Coinomi will transmit all your Bitcoin addresses - not private keys or any critical information that may expose your coins to hackers - without any SSL.

While Exodus is still kinda safe. Any wallet may be "unsafe" if you're not careful with your OS. Even while using Electrum, you may lose your coins if you have malware on your computer.
hero member
Activity: 1372
Merit: 647
September 30, 2017, 10:45:22 AM
#19
Oh, I missed this news. Fortunately, the one on Reddit is still there, because the page on GitHub has been taken down already. I've been using the Coinomi wallet for months now; tbh I used it yesterday for a few transactions.

I visited their Twitter page and saw that they will be giving their official statement about the issue in a few days [LINK]. I'll wait for that statement first, I hope we could see it soon. Bad move of blocking that person though.
legendary
Activity: 1750
Merit: 1115
September 30, 2017, 01:04:03 AM
#18
You have Exodus, which supports multiple coins as well, but they only work on desktop for the moment, and there is Jaxx, which you have probably heard of before, but they also faced a hack in the past (I believe private keys are stored in their servers), but they support phones, so it's up to you.
I would not recommend a desktop wallet built on Electron to anyone. If you know how Electron works, their source code is installed on the desktop, since it doesn't make any native apps and only runs an instance of a Chrome browser on a Windows PC. Code security is none; I don't even know how people trust such apps with their private keys.

Nah, I don't want to use Jaxx; have heard about it before, no point in switching to a wallet already with a history of hacks. Would check out Exodus. Thanks.
Don't. Exodus is equally prone to all those vulnerable hacks and certainly doesn't belong in the category of 'Safe Wallets'.
full member
Activity: 250
Merit: 106
September 30, 2017, 12:47:07 AM
#17
What is so bad about the way addresses are shown? As long as they don't publish the keys ....
hero member
Activity: 1050
Merit: 529
September 29, 2017, 11:02:51 PM
#16
Have you found some reliable alternatives for it? Because I found Coinomi after searching a lot.

You have Exodus, which supports multiple coins as well, but they only work on desktop for the moment, and there is Jaxx, which you have probably heard of before, but they also faced a hack in the past (I believe private keys are stored in their servers), but they support phones, so it's up to you.
Nah, I don't want to use Jaxx; have heard about it before, no point in switching to a wallet already with a history of hacks. Would check out Exodus. Thanks.
sr. member
Activity: 2618
Merit: 439
September 29, 2017, 10:55:30 PM
#15
Have you found some reliable alternatives for it? Because I found Coinomi after searching a lot.

You have Exodus, which supports multiple coins as well, but they only work on desktop for the moment, and there is Jaxx, which you have probably heard of before, but they also faced a hack in the past (I believe private keys are stored in their servers), but they support phones, so it's up to you.

I would rather wait for the vulnerability to get fixed by Coinomi instead of going to Jaxx, which has a history of hacks. Of course there is the ever reliable Electrum; however, it only supports bitcoin though.

Thank you for this information. In fact I have never used a Coinomi wallet; this information will be very helpful for those who use the Coinomi wallet. I hope this problem can be resolved quickly so as not to harm the people who have trusted and used the Coinomi wallet. Watch out!

Yes, I have a Coinomi wallet and I'm pretty disappointed with the way they handle the issues. Although I only hold small amounts of altcoins in my wallet, still this is a scary one, seeing your address transmitted in plain text across the network.