Samsung: Smartphones Most Secure for Cryptocurrencies

Dennis Faas's picture

Samsung Provokes Debate with Claims that Smartphones Are The Most Secure for Cryptocurrencies

Last month, leading Samsung author Joel Snyder penned a blog post in which he made the bold assertion that smartphones encompass the best security for owning, trading and managing cryptocurrency. He put this down to the Trusted Execution Environments (TEEs) in which smartphones, and particularly those developed by Samsung, operate.

A trusted execution environment (TEE) is a secure area of a processor found on smartphones (not PCs), originally developed in 2010 by Open Mobile Terminal Platform consortium. A TEE guarantees that a program cannot overstep its boundaries and arbitrarily grab data from another running process, or leak data to another process. It can be thought of as data stored inside of a protected environment on the device, with respect to confidentiality and integrity.

According to Snyder, TEEs make smartphones the best and safest choice for managing Bitcoin wallets (specifically), and puts them a step ahead of laptops and PCs.

Is he right? The broader industry is less than convinced.

More Adoption Means Security is Paramount

Despite (or perhaps in part due to) the volatility of the market, cryptocurrency adoption continues to grow.

Investors are looking to both the familiarity of Bitcoin, Ethereum and Litecoin, as well as innovative variations on the cryptocurrency theme like IOTA, a relatively new entrant that is built using an Internet of Things (IoT) infrastructure as opposed to using a blockchain to record the transaction.

To investors, the technology that underpins their investments falls into the category of "interesting," but only from an idle curiosity perspective. What they really want to know is whether their money is safe.

There's More to it Than Trusted Execution Environments (TEEs)

One of the big names to have spoken up in opposition to Snyder's claims is renowned Bitcoin developer Jameson Lopp.

Lopp agrees that TEEs provide valuable safeguards, but warns that they only protect from one direction. This can be likened to the usefulness of a five-lever mortice lock on the front door for keeping burglars out of your house - but only offers limited benefit if the patio door is wide open out back.

He said: "Malware can affect other critical components of the wallet operation while creating a transaction, resulting in the funds being sent to an attacker's address." Lopp went on to comment that he would only keep as much cryptocurrency in a smartphone wallet as he would keep cash in a physical one.

Matthew Green, a Professor of Cryptography at John Hopkins University agrees on both counts. He echoed Snyder's praise of TEEs, describing them as a "good thing" for making life more difficult for hackers. However, he agreed with Lopp that all it takes is one sophisticated malware attack to compromise the wallet.

What's the solution?

Clearly, there is a place for smartphones and smartphone wallets in the new age of spending, trading and investing in cryptocurrencies. Smartphone apps make trading straightforward, and for traders, a smartphone that runs TEEs is an obvious choice, offering more convenience and better security than a PC or Mac.

However, while trading is one thing, long term storage is another. Even Snyder acknowledges that when you have a significant amount of cryptocurrency and are planning to hang on to it for the long term, a hardware wallet is the most secure option. A hardware wallet is a special type of bitcoin wallet which stores the user's private keys in a secure hardware device, which are immune from malware; that said, this type of setup lacks the convenience of a smartphone.

In days gone by, we kept our riches locked away in underground vaults, while retaining a few gold coins in a money bag close to hand. The optimum way of handling cryptocurrency in the 21st century is really not so different.

Rate this article: 
Average: 5 (3 votes)

Comments

Dennis Faas's picture

The TEEs are an interesting concept, though if hardware wallets are considered "more secure" for the long term then I have to wonder why smartphones don't simply integrate a "hardware wallet" as part of a smartphone. Perhaps it's because hardware wallets are dedicated devices that don't run other applications like smartphones do.

That aside I'm still on the fence when it comes to using cryptocurrencies simply because (a) they're anonymous which means they almost always used by cyber criminals, and (b) they fund cyber criminal scams, especially ransomware attacks.

Here's another way to look at it: if cryptocurrencies did not exist would we still have huge ransomware attacks infecting hospitals and major corporations? Most likely not. The reasoning is that it would be difficult for the criminals to receive the funding because it would have to go through a lot of red tape (banks, governments, etc) - not to mention it would be harder to acquire since it's not an instant payment.

Focused100's picture

Hi Dennis

I agree you you completely.
Bitcoin and its ilk are too volatile for my taste.
Plus there's the ransomware issue as well.