[ad_1]
At first glance, the concept of a smartphone-based hardware portfolio is attractive. Due to the ubiquity of mobile devices, such solutions could give a considerable boost to the adoption of cryptography. But even for fully sold promoters, the problem raises obvious safety issues.
Samsung claims that their smartphones have the best cryptographic security features. In a blog post last year, the company described its devices as being: "The best approach for short and medium term storage" for private cryptocurrency keys. However, experts (and common sense) should raise serious doubts.
Are "trusted environments" really secure?
With cryptocurrency portfolios, security effectively boils down to the availability of secure storage for private key combinations badociated with transactions.
This is where Trusted Execution Environments enter the scene. A TEE is an isolated hardware-based computing environment with its own memory and storage space that the smartphone's operating system can not access. TEEs are accessible only through a secure API, which uses "trustlets", small applications contained in the TEE.
By using these trustlets for managing private keys, smartphones portfolios can theoretically achieve a high level of security.
The complexity of a smartphone is not a friend of the security
TEEs may not be vulnerable to compromised operating systems, but because of the nature of the platform on which they operate, they are still exposed to an impressive number of potential attack vectors.
Dedicated applications can be compromised and can be programmed to make payments from the TEE when accessed by the user. After all, applications must be able to communicate with the TEE for it to be useful.
The addition of a mandatory pbadword in the security chain does not eliminate the threat either. "A particularly sophisticated malware can simply wait for you to enter the pbadword to make a legitimate transaction," and then reuse your pbadword for fraud, wrote Matthew Green, professor of cryptography at Johns Hopkins University, in an email to Hard fork.
Moreover, the problem of quality can not be ignored either. Security issues have been discovered in the TEEs of some of the largest manufacturers.
Many users also keep their mobile devices permanently connected to cellular and WiFi networks, which opens up even more possibilities for potential exploits.
Can Blockchain seal security holes?
A solution to these security problems could involve supplementing existing systems with blockchain-based security. HTC's first attempt at exodus, a phone powered by the blockchain, has leveraged DLT's privacy credentials with the addition of a second operating operating system. in parallel with Android.
Exodus uses dAPs, which – at least in theory – could completely eliminate security vulnerabilities from traditional applications. However, it should be emphasized that the security of the application depends entirely on the objectives and intentions of those who create these applications.
In the case of Exodus, the hardware portfolio, Zion, comes with the phone, so it should be completely safe from exploits. Users who lose their private keys can still use a social recovery feature to recover their funds.
Blockchain in effect
The XPhone Pundi X goes even further in this approach. Powered by Function X, an operating system based on a chain of blocks, the phone itself is a chain node, no longer using centralized mobile operators to perform its functions. For the moment, the XPhone can be used for calls via existing cellular networks, but it has a blockchain call feature, which may become the preferred option for private calls in the future.
XPhone may not be as revolutionary as its creators hope, but it could still offer significant benefits. A platform such as Function X eliminates the security vulnerabilities of an existing full-fledged mobile operating system, such as Android, greatly improving the feasibility of smartphone encryption wallets. Function X functions also include private messaging and data transmission, positioning the XPhone as a potential host platform for such complex applications as security tokenization and trading.
In its early days, blockchain technology may still be looking for a problem to solve, but with blockchain phones and full property data, one of its first real and real applications could be imminent.
The author is invested in digital badets.
[ad_2]
Source link
