Smartphones Are the Safest Devices to Store Cryptocurrency, Samsung Says

Omar Faridi
  • Samsung Electronics says smartphones are the safest device to store cryptocurrency.
  • “Spendable” digital currency can be securely stored on smartphones because of a Trusted Execution Environment (TEE).

Samsung Electronics, one of the world’s largest smartphone manufacturers, recently stated in an official blog post that mobile-based crypto wallets are the best and safest option for cryptocurrency “short-term and medium-term storage.”

The post explains that smartphone-based cryptocurrency wallets are a fairly secure place to hold digital “spending money,” equivalent to the amount of fiat one would keep in a physical wallet. For storing cryptocurrency on a long-term basis, Samsung recommended creating several backups of the private key associated with crypto wallets.

Offline Storage Preferred

The smartphone maker added that private keys should be stored offline to maximize security, which means they should not reside on a mobile phone or any other device regularly connected to the internet. Samsung added that private keys are to be kept in cold storage (offline) to maximize protection.

Samsung’s blog post argues that smartphone-based crypto wallets are the safest place to store “spendable” cryptocurrency because of a mobile phone feature called Trusted Execution Environment (TEE). The TEE runs in its own independent execution environment, which means that its random-access-memory (RAM) and persistent storage (usually a hard-drive) are separate from a smartphone’s main operating system.

Due to a separate run-time environment, the Android OS can’t directly access the TEE, even if the operating system has been hacked. Moreover, the TEE can only be accessed via an application programming interface (API), Samsung’s blog notes.

The smartphone manufacturer refers to the small-sized apps in the TEE as “trustlets” and notes that all reliable mobile-based cryptocurrency wallets restrict and control access to users’ private keys by keeping them in seemingly impenetrable trustlets.  Per Samsung, this helps ensure “security is seriously tight,” as it’s nearly impossible for malware to reach private keys stored this way.

Vulnerabilities Still Exist

The smartphone company added that its Samsung Knox platform’s TEE provides an even greater level of security. It warned that since TEE hardware is not available on laptop and desktop computers, the private keys stored in these devices may be easily compromised.

Despite the high level of security TEEs offer, Samsung claims a novice programmer can potentially make the mistake of designing a crypto wallet that stores private keys on a smartphone’s hard drive, making it vulnerable to hackers. Moreover, wallets themselves can be infected with malware on purpose.

Interestingly, Samsung’s blog post comes shortly after Ethereum wallet interface MyEtherWallet released a ‘hardware wallet’ app beta for iOS, which it claims could give users the same security cold-storage solutions do.

Young Australian Woman Accused of Stealing 100,000 XRP Pleads Guilty

Siamak Masnavi

Katherine Nguyen, the first Australian charged with cryptocurrency theft, has pleaded guilty.

Background

On 25 October 2018, according to a report in media outlet "news.com.ua", police in the state of New South Wales in Australia arrested a 23-year-old woman from Sydney over the alleged theft of 100,000 XRP tokens.

Apparently, detectives from the State Crime Command’s Cybercrime Squad had set up a task force back in January 2018 to investigate the reported theft of 100,000 XRP tokens from a 56-year-old man. The investigators were told by the alleged victim that he was locked out of his email account for two days in mid-January 2018, but he thinks that his email account may have gotten hacked in December 2017.

After he managed to eventually get back control of his email account, he noticed some suspicious activity involving his cryptocurrency account, and when he checked this wallet, he found that almost all of the crypto there had disappeared.

However, after an approximately ten-month investigation, on 25 October 2018, detectives used a search warrant to get access to the young woman's home, arrested her, and took her to Ryde (a suburb of Sydney) Police station, where they charged her with "knowingly deal with proceeds of crime." 

The police were alleging that the woman (possibility with the help of others) took over the man's email account, changed his password, thereby locking him account, and then set up two factor authentication using a mobile phone number. It is further alleged that she then accessed his crypto account, and transferred his XRP tokens to a crypto exchange in China, where this XRP was converted to Bitcoin.

Latest Development

On Friday (August 23), Australian TV news channel 7NEWS sent out the following tweet:

According to their report, in January 2018, Nguyen, the alleged cryptocurrency thief, "hijacked" the email account of a 56-year old man with the same surname as her. 

The report goes on to say that although Nguyen has pleaded guilty, there is "still some dispute over the exact facts," which will hopefully be "settled at a special hearing in October" (this hearing has been given the task of preparing "a pre-sentence report").

When she is sentenced in October, there is a real possibility that she will have to go to jail.

Featured Image Credit: Photo via Pixabay.com