Ledger CTO Explains Why Smartphones Won't Ever Be Fully Safe for Using Crypto

Tuesday 6 June 2020, 6:29 AM AEST

Recent developments led by some smartphone manufacturers aim to use hardware to make the system more secure, but it won't protect from all attacks, cautions Ledger's CTO.

Cointelegraph interviewed the CTO of Ledger, Charles Guillemet, to learn more about the best practices in securing cryptocurrencies for average users.

Ledger is a major producer of hardware wallets, which store cryptocurrency seeds on a dedicated device. As Guillemet explained, hardware wallets protect against possible malware on the user's computer or mobile device. Both storage and transaction signing are performed on the wallet, which makes sure that the seed is never seen by the device it's connected to.

Ledger uses a chip based on Secure Element technology, which he says is an ideal protection against physical tampering.

Recent moves by Samsung to integrate similar technology in their blockchain-enabled phones carry the promise of making smartphones just as safe as hardware wallets, but Guillemet warned that they won't solve every problem.

Usage is still unsafe

Guillemet said that manufacturers can use hardware to make cryptocurrency storage safer, by using a technology called integrated secure element:

"In terms of storage, there is no debate. The seed is inside this secure element, and it is very comparable to the secure element that you can find in the [Ledger] Nano S."

But the proposition changes when the secure element must be unlocked to make a transaction. The problem is the phone's display: Android does not give any guarantee that the data shown on it is accurate, a guarantee that comes from a feature called Trusted Display.

That opens the path to a sneaky malware attack:

"You would say, 'Okay, I'm sending one Bitcoin to this specific person.' [...] The thing is that you can add malware which will swap the address to which you want to make a transaction with another one, and display to you the address you think you're about to send to."

Ledger's wallets, on the other hand, were developed with the necessary Trusted Display feature, said Guillemet.
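The difference a trusted display makes can be shown with a toy model. This is an added example, not Ledger's or Samsung's code: the transaction format, key and addresses are constructed, and HMAC stands in for the real signature scheme.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed stand-in for the key material held inside the secure element.
DEVICE_KEY = b"constructed-demo-key"


def encode_tx(to: str, amount_btc: str) -> bytes:
    """Serialize a toy transaction (constructed format, not Bitcoin's)."""
    return json.dumps({"amount_btc": amount_btc, "to": to}, sort_keys=True).encode()


def render(tx_bytes: bytes) -> str:
    """Confirmation text derived only from the bytes that will be signed."""
    tx = json.loads(tx_bytes)
    return f"Send {tx['amount_btc']} BTC to {tx['to']}"


def sign(tx_bytes: bytes) -> bytes:
    """HMAC stands in for the wallet's real signature scheme (assumption)."""
    return hmac.new(DEVICE_KEY, tx_bytes, hashlib.sha256).digest()


def confirm_and_sign(tx_bytes: bytes, shown: str, expected: str) -> Optional[bytes]:
    """Sign only if the text the user was shown matches what they intended."""
    return sign(tx_bytes) if shown == expected else None


def untrusted_display(tx_bytes: bytes, host_text: str, expected: str) -> Optional[bytes]:
    """Phone model: the confirmation text comes from the host OS, not from tx_bytes."""
    return confirm_and_sign(tx_bytes, host_text, expected)


def trusted_display(tx_bytes: bytes, expected: str) -> Optional[bytes]:
    """Hardware-wallet model: the signer renders the text from tx_bytes itself."""
    return confirm_and_sign(tx_bytes, render(tx_bytes), expected)


# Constructed scenario: the user intends one address, the host submits another.
INTENDED = encode_tx("ADDR-INTENDED-EXAMPLE", "1")
SUBMITTED = encode_tx("ADDR-SWAPPED-EXAMPLE", "1")
EXPECTED = render(INTENDED)

if __name__ == "__main__":
    # The host screen repeats the intended text, so the swapped bytes get signed.
    print("untrusted display signs:", untrusted_display(SUBMITTED, EXPECTED, EXPECTED) is not None)
    # Text rendered by the signer exposes the mismatch, so the user declines.
    print("trusted display signs:  ", trusted_display(SUBMITTED, EXPECTED) is not None)
```

The secure element protects the key equally in both flows; the only difference is whether the confirmation text is bound to the bytes being signed.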

Should you worry about malware?

Guillemet noted that right now, phishing attacks and SIM swapping attacks are the most widespread. "These kinds of attacks are very cheap social engineering techniques, but still, they're very efficient," he added. ...

Read full story on Cointelegraph