Smartphones Are the Safest Devices to Store Cryptocurrency, Samsung Says

Omar Faridi
  • Samsung Electronics says smartphones are the safest device to store cryptocurrency.
  • “Spendable” digital currency can be securely stored on smartphones because of a Trusted Execution Environment (TEE).

Samsung Electronics, one of the world’s largest smartphone manufacturers, recently stated in an official blog post that mobile-based crypto wallets are the best and safest option for cryptocurrency “short-term and medium-term storage.”

The post explains that smartphone-based cryptocurrency wallets are a fairly secure place to hold digital “spending money,” equivalent to the amount of fiat one would keep in a physical wallet. For storing cryptocurrency on a long-term basis, Samsung recommended creating several backups of the private key associated with crypto wallets.

Offline Storage Preferred

The smartphone maker added that private keys should be stored offline to maximize security, which means they should not reside on a mobile phone or any other device regularly connected to the internet. Samsung added that private keys are to be kept in cold storage (offline) to maximize protection.

Samsung’s blog post argues that smartphone-based crypto wallets are the safest place to store “spendable” cryptocurrency because of a mobile phone feature called Trusted Execution Environment (TEE). The TEE runs in its own independent execution environment, which means that its random-access-memory (RAM) and persistent storage (usually a hard-drive) are separate from a smartphone’s main operating system.

Due to a separate run-time environment, the Android OS can’t directly access the TEE, even if the operating system has been hacked. Moreover, the TEE can only be accessed via an application programming interface (API), Samsung’s blog notes.

The smartphone manufacturer refers to the small-sized apps in the TEE as “trustlets” and notes that all reliable mobile-based cryptocurrency wallets restrict and control access to users’ private keys by keeping them in seemingly impenetrable trustlets.  Per Samsung, this helps ensure “security is seriously tight,” as it’s nearly impossible for malware to reach private keys stored this way.

Vulnerabilities Still Exist

The smartphone company added that its Samsung Knox platform’s TEE provides an even greater level of security. It warned that since TEE hardware is not available on laptop and desktop computers, the private keys stored in these devices may be easily compromised.

Despite the high level of security TEEs offer, Samsung claims a novice programmer can potentially make the mistake of designing a crypto wallet that stores private keys on a smartphone’s hard drive, making it vulnerable to hackers. Moreover, wallets themselves can be infected with malware on purpose.

Interestingly, Samsung’s blog post comes shortly after Ethereum wallet interface MyEtherWallet released a ‘hardware wallet’ app beta for iOS, which it claims could give users the same security cold-storage solutions do.

Coinbase Doesn’t Want You to Get Scammed on Telegram

On Friday (April 19), cryptoasset exchange Coinbase's security team explained how various "threat actors" are trying to use Coinbase's brand to commit scams on messaging platform Telegram. 

Telegram is a free cloud-based messaging app with the ability to make voice/video calls. It is available as a web app, a mobile app (OS and Android), and a desktop app (MacOS, Windows, and Linux). In recent years, it has become the messaging platform of choice for cryptocurrency traders/investors, developers, and entrepreneurs for various reasons, such as the ability to create price bots.

In a long, detailed article published on Friday, Matt Muller, Head of Security Operations at Coinbase, started by pointing out that "Coinbase does not provide support through Telegram, nor do we have any authorized groups or channels." (In fact, "Coinbase has no official presence on Telegram," and "any usage of the Coinbase logo or brand on Telegram" should be considered a scam.)

He then went on to say that Coinbase's security team has been following the activities of "several threat actors attempting to leverage the Coinbase brand on Telegram for purposes ranging from crypto scams to account takeovers." 

In order to help users of Coinbase and other exchanges recognize "the signs that they may be talking to a scammer," Muller outlined some of the most common scam techniques on Telegram.

  • Employment Scams"Scammers on Telegram impersonate Coinbase recruiters and executives with fake career opportunities. These scams prey on job seekers, soliciting payment for training materials, mining hardware, or in some cases providing stolen financials for the purposes of money laundering. These job offers will appear very legitimate, with forged offer letters and seemingly astute interview questions. Coinbase recruiters will never contact job seekers via Telegram."
  • Giveaway Scams: "Impersonations of our executives and brand to perpetuate giveaway scams are becoming increasingly common on Telegram. One channel in particular, titled simply Coinbase, advertises a new giveaway scam almost daily."
  • Load-up Scams: "Telegram frequently hosts scammers advertising the buying or 'loading' of accounts with high limits. These scammers ask to access your Coinbase account, so they can use your verified limits to buy digital currency. While they claim to split profits with the account holder, in actuality, they use stolen credit cards and bank accounts, leaving you responsible for facilitating a financial crime. When the legitimate card or account holder reverses payments, you will be responsible for any account delinquencies caused by the fraudulent bank reversals. In many cases, the scammer will lock you out of your account, use your own payment methods without consent and steal any available digital currency."
  • Tech Support Scams: "Scams impersonating customer support take many shapes and sizes... Scammers will impersonate Coinbase or Coinbase employees, asking you to take action that results in theft of digital currency. Some scams involve fake promo offers. Many of these scams ask for remote access to your computer, something Coinbase personnel will never ask for... In other situations, the scammers pressure you into 'upgrading' or securing your Coinbase account by sending digital currency to their external address."
  • Coin Listing and ICO Scams: "Scammers on Telegram often approach project developers soliciting payment for asset listings on Coinbase and other digital asset exchanges. In addition, scams promising investment bonuses on new ICO listings are prolific."

Featured Image Credit: Photo by "geralt" via Pixabay.com