Gary Miliefsky explains why smartphone wallets are at risk, and how to protect your Bitcoin against theft.
From the theft of $230,000 from ShapeShift to the DAO hack, large amounts of cryptocurrency can be stolen through security breaches if the owner does not take the necessary safety precautions.
Mobile devices are particularly vulnerable, as they can be subject to a host of attacks through apps that are spyware in disguise. CoinTelegraph interviewed Gary Miliefsky, CEO of cyber-security firm SnoopWall, about the security risks facing mobile device Bitcoin wallet users.
CoinTelegraph: Bitcoin smartphone wallets: how secure are they?
Gary Miliefsky: Smartphone wallets are completely insecure. There have been over 500 million downloads of emoji keyboards: keyloggers, spyware disguised as friendly emoticon keyboards. When you start up your smartphone wallet the first time, you may enter bitcoin info or add username/password credentials. These are shipped off to criminal servers remotely because of this kind of keyboard malware.
Many of these QR code and barcode scanners come from legitimate sources like eBay, Zxing, Scan Inc, and DroidLa. Despite this, SnoopWall still deems many of them voluntary creepware. The reason for this is that many have intrusive permissions that allow them to geolocate you, read your contacts, access USB storage, read your call log, make phone calls, and even record audio. Most of these permissions are legitimate, as most of these apps allow the user to generate information like phone numbers, contacts, and locations as scannable QR codes.
CT: Is this only a concern with aftermarket keyboards, or does this happen with standard iPhone and Android keyboard apps?
GM: Aftermarket keyboards. In addition, on Android just about any app can spy on you. For example, our favorite flashlight apps (third party) spying on you while you take a picture of a QR to scan a bitcoin, etc. Android more risky than iPhone.
CT: What are some best practice tips for Bitcoin smartphone wallet users?
CT: So you would recommend against doing Bitcoin transactions over wifi?
GM: Too risky to easily man in the middle. They call this EVIL AP and there are others, but it's very easy. Unless you understand what rev of TLS/SSL you are running, if the wifi is encrypted, if you trust the wifi (not spoofed by hackers)...lots of issues.
CT: You mentioned QR code scanners and flashlights being dangerous. Are there any that are secure to use?
GM: Only those that have OPEN Source code or don't use internet or other ports. You can dig through them online using these criteria. My team made 'privacy flashlight' to prove it and it's 200 kilobytes open source, whereas the average flashlight is 3-10 megabytes! Just look for permissions used, maybe pay for one from a trustworthy party. I even think Symantec figured this out and made a 'secure' QR reader.
CT: Is there any way to get spyware apps taken down, or is it simply a matter of "buyer beware"?
GM: Buyer beware. I've tried...no one listens. Apple, Google, Microsoft - they like their (dirty little secret) advert libraries. [They] recompile your app with their spyware libraries (oops, I mean consumer analytics) and you can do anything! Just share the 'ad revenues' even if none, while you pleasantly steal PII.
CT: What got you into the privacy protection game?
GM: Couple things: