Last month, Samsung, a consumer electronics giant and one of the biggest companies worldwide, released a blog post in its ‘Insights’ section arguing that smartphones are the best way to keep your digital tokens safe. According to the company, “smartphone-based cryptocurrency wallets are the best approach to short-term and medium-term storage ― that is, ‘spending money,’ the amount you might choose to carry with you in your real wallet.”
Joel Snyder, the author of the Samsung blog post, claimed that smartphones have the edge over laptops thanks to their Trusted Execution Environments (TEE), as the TEE “is a separate execution environment with its own memory and persistent storage, completely isolated from the rest of the device.” Snyder further stated that “The Android OS can’t reach into the TEE, even if the former is completely compromised.” Laptops, meanwhile, do not run TEEs in their operations.
However, The Next Web has since asked several security experts for their take on the situation, and their answers were quite different from what Samsung had to say. Even though TEEs offer a higher degree of security, smartphones are nowhere near immune to attacks by crypto hackers.
Bitcoin developer Jameson Lopp explained that “Having a TEE is certainly better than not having a TEE because the private keys themselves are better protected. However, there still exist quite a few attack vectors that can happen elsewhere in the software stack. Malware can affect other critical components of the wallet operation while creating a transaction, resulting in the funds being sent to an attacker’s address.”
Matthew Green, a cryptography professor at the prestigious Johns Hopkins University, commented that while TEEs are “less vulnerable to simple malware”, they are far from bulletproof, as “sophisticated malware might not be able to extract the keys from the TEE, but by compromising an app they might be able to cause the TEE to make a payment of your funds.”
Mr. Green also pointed out that “the quality and security of TEEs differ” depending on their manufacturer, and that security vulnerabilities have already been reported. Nonetheless, he maintained that TEEs definitely do make things harder for attackers.
Mikko Hyppönen, a security expert at F-Secure, admitted that for those actively using virtual currencies for trading or payments, a smartphone wallet program is basically a must and a “practical choice”. However, the so-called hardware “cold wallets” are still superior to smartphone apps, as they are “built with minimal feature sets in order to reduce the total number of attack vectors. They are always going to be safer than any wallet that is running on a full-fledged operating system.”
Thus, even though TEEs add a layer of security, the complexity that comes with them also opens new avenues for attacks that would not work on hardware wallets.
In the end, as Mr. Lopp put it, “As the old security adage goes, complexity is the enemy of security.”