Samsung Electronics argued that smartphones are the best secure storage option for contemporary cryptocurrencies early last month but a number of experts interviewed by The Next Web are now dismissing those claims, pointing to a number of shortcomings of such solutions. The South Korean technology giant previously argued that Trusted Execution Environments (TEEs) supported by some modern handsets, including those from its own portfolio equipped with the Knox security platform, are extremely suitable for storing a broad range of data, including blockchain assets.
While none of the interviewed experts argued against the very concept of TEEs and agree that having them is better than not having them, most pointed to smartphones themselves being vulnerable to a wide variety of other attack vectors, many of which could also compromise such sandboxed environments in certain cases, depending on the implementation. Cryptography professor Matthew Green and Bitcoin developer Jameson Lopp share that view, though they’re quick to point out that speaking in hypotheticals on such topics is largely frivolous and details of specific cases and platforms are extremely important to answering the question whether TEEs by themselves are secure enough to be recommended as the go-to cryptocurrency storage solutions, which is what Samsung claims.
Since TEEs would still have to accept requests from third-party apps in order to actually be useful as cryptocurrency management solutions, compromising those mobile tools would be enough to steal someone’s digital money without ever glancing at the complex protection mechanisms utilized by sandboxed environments, Mr. Green argues. The sole fact that smartphones are a breed of always-connected devices that are constantly communicating with either cellular networks, Wi-Fi, or both makes the number of their potential vulnerabilities much greater as exploiting any factor in the communication equation that includes them could allow attackers to compromise cryptocurrency holders and steal their assets. Over $760 million worth of cryptocurrency has been stolen in 2018 alone, with attacks targeting blockchain-based holdings being expected to become more numerous in the near future.