*warning* Two current security issues with mobile devices

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: extrabyte on August 10, 2016, 06:39:28 PM

Quote from: DooMAD on August 10, 2016, 02:35:01 PM

...
Secondly, some wallets are automatically backing up private keys to the cloud. Keys stored online are potentially a serious security risk. Make sure your apps aren't doing this, or if they have, move your funds to new addresses immediately.

It's generally good practice to only keep small amounts on portable devices in the event of physical loss or theft anyway. Larger sums should be locked away in cold storage, offline, somewhere secure.

I didn't know that the private keys are hosted on the cloud for the greenaddress app, I think it is dangerous if their cloud gets hacked so the hacker can spends our bitcoin without getting noticed. I prefer more to store small amounts on mobile if we travel or we need to, but the cold wallet should be offline.

Greenaddress can more or less be considered as a hybrid wallet. They do not store your mnemonic and thus have no access to it. They do create and send a password to the server and they will provide it only if the pin that the user set is correct. Without it, the mnemonic will remain encrypted. The pin was stored on Google's server encrypted.

Smartphones are certainly not designed to be bulletproof against attacks since the OS is not really suitable for storing sensitive information. Phone wallets are good for paying conveniently while you're outside. Just be sure to treat the wallet as a day to day wallet and not store majority of your coins there.

Dassi

sr. member

Activity: 252

Merit: 250

I don't use moblie wallets anyway. I use electrum Grin

streazight

hero member

Activity: 910

Merit: 502

Quote from: DooMAD on August 10, 2016, 02:35:01 PM

Just to make everyone aware, there are a few security risks presently affecting mobile devices that require people to be vigilant.

Firstly, there are still fake, malicious wallets circulating on the App Store, always make sure you use download links from a reputable source.

Secondly, some wallets are automatically backing up private keys to the cloud. Keys stored online are potentially a serious security risk. Make sure your apps aren't doing this, or if they have, move your funds to new addresses immediately.

It's generally good practice to only keep small amounts on portable devices in the event of physical loss or theft anyway. Larger sums should be locked away in cold storage, offline, somewhere secure.

I knew about the firts one but the second one was a surprise.
I did not know they save those private keys to the cloud and it could make our wallets vulnerable to hacks. I basically only use xapo app as I don't trust other wallets but I am aware of these wallets being more exposed to attacks due to mobile viruses.

Kprawn

legendary

Activity: 1904

Merit: 1074

It is so easy to make these basic mistakes when you are a newbie, you hear about Bitcoin and you hear about Bitcoin wallets and the first thing you do, is to download some wallet that looks legit and

then the shite hits the fan. It's posts like this that actually gives insight into the problem and people become aware about their mistakes. We should have loads more articles on the subject and more

indebt analysis on Android based Bitcoin wallets. Some wallets spoof the genuine wallets and people do not even notice it. Roll Eyes

bitbunnny

legendary

Activity: 2912

Merit: 1068

WOLF.BET - Provably Fair Crypto Casino

Mobile phones and the apps, specially for Android are still more vulnerable then computers. That is the reason to be more careful with Bitcoin wallets too. And it is wise to have some antivirus and anti-spy software installed. Malwares are another way that your coins coudl be stolen.

serjent05

legendary

Activity: 3010

Merit: 1280

Get $2100 deposit bonuses & 60 FS

Thanks for the warning, I haven't thouht about this issue when using mobile wallet. Now that I know of these I might check the app im using if it should be deleted or should I keep it. There are really lots of things especially security to be improved in mobile app device especially the one that is an application for holding currency.

hasiramasenju

legendary

Activity: 980

Merit: 1000

that was good warn and i have experience download mobille wallet from App Store because i want to use my smartphone for controling my bitcoin but my friend has told to me that those wallet are malicious wallet and he has save me and my bitcoin because i remove those application immediately and since that i was never interested to using wallet from App Store again

Supercrypt

legendary

Activity: 1554

Merit: 1054

Quote from: entrepmind23 on August 12, 2016, 06:34:51 AM

Quote from: jhenfelipe on August 11, 2016, 12:59:14 AM

Nowadays, it's been really hard to trust any sites/apps that will hold our bitcoin earnings. It would be better to use those that are trusted, used by most users, reputable, and have positive reviews. Making research first may help. Another thing, I think it's okay to use more than one wallet, so that in case something's happened, you won't lose all your earnings. Just my opinion

As much as possible, we should avoid using wallet that has no reputation and a review of users that it is really a dependable and trusted site. It's convenient to use a mobile wallet but safety should come first. If someone opt to use a mobile wallet then it should only be for small amounts so that when there are problems and someone try to steal it then only a small amount will be lost.

Even reputable apps can have bugs that could leak a user's wallet details and even google play store apps have mostly fake reviews or paid reviews that can not help you determine which app is genuine or not. It is better to login from your
mobile browser to blockchain or wallets that are trustworthy.

beerlover

legendary

Activity: 3052

Merit: 1188

Quote from: Hirose UK on August 13, 2016, 08:02:37 AM

Quote from: smoothie on August 10, 2016, 03:43:34 PM

Or just don't use mobile wallets entirely. Has worked for years so far with no problem and also utilizing cold storage.

I do the same, and no problem so far. I open my online wallet on my phone, but I don't download the app. then I use 2 factor authenticator. it's secure enough.

so the point of problem here is mobile wallet, just don't use it, that's simple.

anyway thanks for the warning.

Mobile wallets' only superiority against all the other wallets is that you can carry it whenever wherever and check your balance just as long as you have internet connection.
However, other than the risks provided by OP, phones are vulnerable to hacks like when you're connecting to a wifi from a public area. They can maybe access your phone and steal your funds from your wallet.

Hirose UK

hero member

Activity: 1302

Merit: 503

Leading Crypto Sports Betting & Casino Platform

Quote from: smoothie on August 10, 2016, 03:43:34 PM

Or just don't use mobile wallets entirely. Has worked for years so far with no problem and also utilizing cold storage.

I do the same, and no problem so far. I open my online wallet on my phone, but I don't download the app. then I use 2 factor authenticator. it's secure enough.

so the point of problem here is mobile wallet, just don't use it, that's simple.

anyway thanks for the warning.

pereira4

legendary

Activity: 1610

Merit: 1183

Quote from: tobacco123 on August 13, 2016, 01:25:40 AM

Thanks for the warning. For me, I only keep a small amount of bitcoin in my mobile for just in case- I don't have a strong password for my phone but that's ok with me. I do keep some in Coinbase (desktop web based) and mostly in paper wallet.

I don't even bother with a strong password in my phone... just a 4 digit pass similar to how you have to put usually 4 digits to unblock your phone card. Since you should never carry anything valuable in a phone, it seems enough. You don't want to forget the password. Leave the long passwords for PC.

isvicre

hero member

Activity: 826

Merit: 1000

Mobile wallets are fine for small transaction. They are very convenient, theres no reason to completely avoid them like many in this thread suggest.

Herbert2020

legendary

Activity: 1946

Merit: 1137

Quote from: tobacco123 on August 13, 2016, 01:25:40 AM

Thanks for the warning. For me, I only keep a small amount of bitcoin in my mobile for just in case- I don't have a strong password for my phone but that's ok with me. I do keep some in Coinbase (desktop web based) and mostly in paper wallet.

can you explain what is the point of having a mobile wallet when you are using a web wallet like coinbase, you can open coinbase on your cell phone and send/receive or is there any extra functionality that you are looking for in the mobile wallet?

tobacco123

sr. member

Activity: 552

Merit: 250

Thanks for the warning. For me, I only keep a small amount of bitcoin in my mobile for just in case- I don't have a strong password for my phone but that's ok with me. I do keep some in Coinbase (desktop web based) and mostly in paper wallet.

xdrpx

hero member

Activity: 616

Merit: 603

I'm so afraid to install any Bitcoin wallet apps or banking apps from the app store, that I have none installed at the moment. I have Mycelium wallet on my android phone though which I've been using since ages, and it seems to be pretty good and safe. Apple should get very serious in what apps they accept in the store after proper screening.

drwtsn32

sr. member

Activity: 476

Merit: 250

I have never trusted an online or mobile wallet since I used bitcoin.
I feel like my money is in some sort of lake with just a fence as security.
That's why the wallet I use is at least based in my country.

0209BitTradoo

newbie

Activity: 41

Merit: 0

Quote from: beerlover on August 12, 2016, 09:40:23 AM

Besides that, phones are generally easy to hack and highly vulnerable to attacks, especially when connected to a public wifi. A certain hacker that sets up a public wifi can easily access all information stored in a phone so having a wallet used for long term storage in a phone is highly unadvisable.

Turn off wifi whle unused.Don't make auto detect/scanning.Better be manual. AFAIK data connection in safety status .

beerlover

legendary

Activity: 3052

Merit: 1188

Besides that, phones are generally easy to hack and highly vulnerable to attacks, especially when connected to a public wifi. A certain hacker that sets up a public wifi can easily access all information stored in a phone so having a wallet used for long term storage in a phone is highly unadvisable.

x4

hero member

Activity: 1106

Merit: 508

This thread is very helpful for all bitcoin user and the same time a mobile user like me. But I've never download an mobile wallet app just everywhere from google or even playstore I always go to their main site and download from there or a link from them redirect to play store. Thats always even the app has an update.

Slark

legendary

Activity: 1862

Merit: 1004

And this is is a reason I don't have any personal information stored on my mobile device. I also don't use mobile wallets at all.
We are not in the advanced adoption phase which will require me to use my mobile wallet on daily basis.
Some people who use mobile wallets are doing it not because it is necessary or comfortable but because they want to show off.

Topic: *warning* Two current security issues with mobile devices (Read 2139 times)

Topic: warning Two current security issues with mobile devices (Read 2139 times)