Ledger CTO Explains Why Smartphones Won’t Ever Be Fully Safe for Using Crypto

Published at: June 1, 2020

Cointelegraph interviewed the CTO of Ledger, Charles Guillemet, to learn more about the best practices in securing cryptocurrencies for average users.

Ledger is a major producer of hardware wallets, which store cryptocurrency seeds on a dedicated device. As Guillemet explained, hardware wallets protect against possible malware on the user’s computer or mobile device. Both storage and transaction signing are performed on the wallet, which makes sure that the seed is never seen by the device it’s connected to.

Ledger uses a chip based on Secure Element technology, which he says is an ideal protection against physical tampering. 

Recent moves by Samsung to integrate similar technology in their blockchain-enabled phones carry the promise of making smartphones just as safe as hardware wallets, but Guillemet warned that they won’t solve every problem.

Usage is still unsafe

Guillemet said that manufacturers can use hardware to make cryptocurrency storage safer, by using a technology called integrated secure element:

“In terms of storage, there is no debate. The seed is inside this secure element, and it is very comparable to the secure element that you can find in the [Ledger] Nano S.”

But the proposition changes when the secure element must be unlocked to make a transaction. The problem is the phone's display: Android does not give any guarantee that the data shown on it is accurate, a guarantee provided by a feature called “Trusted Display.”

That opens the path to a sneaky malware attack:

“You would say, ‘Okay, I'm sending one Bitcoin to this specific person.’ [...] The thing is that you can add malware which will swap the address to which you want to make a transaction with another one, and display to you the address you think you’re about to send to.”

Ledger’s wallets, on the other hand, were developed with the necessary Trusted Display feature, said Guillemet.
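A minimal model of why the display matters, added here as an illustration and not code from Ledger, Samsung or the interview: the signer with a trusted display shows the address parsed from the exact bytes it is about to sign, so a swap on the host becomes visible. The transaction format, addresses, key and function names are all constructed, and HMAC stands in for the wallet's real signature scheme.

```python
import hashlib
import hmac
import json

DEVICE_KEY = b"constructed-demo-key"  # stands in for the seed kept in the secure element


def encode_tx(to: str, amount_btc: str) -> bytes:
    """Canonical bytes of a toy transaction (constructed format, not Bitcoin's)."""
    return json.dumps({"amount_btc": amount_btc, "to": to}, sort_keys=True).encode()


def sign(tx_bytes: bytes) -> str:
    """Placeholder signature: HMAC over the exact bytes received."""
    return hmac.new(DEVICE_KEY, tx_bytes, hashlib.sha256).hexdigest()


def compromised_host(tx_bytes: bytes, swapped_addr: str):
    """Models the article's scenario: the screen and the signing request disagree."""
    tx = json.loads(tx_bytes)
    shown = tx["to"]            # the host screen still shows the user's address
    tx["to"] = swapped_addr     # the bytes forwarded for signing carry another one
    return shown, encode_tx(tx["to"], tx["amount_btc"])


def approve_on_host_screen(intended_to: str, host_shown_to: str, tx_bytes: bytes):
    """No trusted display: the user can only compare against the host's screen."""
    if host_shown_to != intended_to:
        return None
    return sign(tx_bytes)       # signs whatever bytes arrived


def approve_on_trusted_display(intended_to: str, tx_bytes: bytes):
    """Trusted display: the address shown is parsed from the bytes being signed."""
    device_shown_to = json.loads(tx_bytes)["to"]
    if device_shown_to != intended_to:
        return None             # user sees the mismatch on the device and rejects
    return sign(tx_bytes)


def demo():
    intended = "ADDR-RECIPIENT-constructed"
    shown, to_sign = compromised_host(encode_tx(intended, "1"), "ADDR-OTHER-constructed")
    blind = approve_on_host_screen(intended, shown, to_sign)
    checked = approve_on_trusted_display(intended, to_sign)
    return blind, checked, json.loads(to_sign)["to"]
```

In the model, secure storage is identical in both paths; only the path whose confirmation screen is derived inside the signer refuses the altered request.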

Should you worry about malware?

Guillemet noted that right now, phishing attacks and SIM swapping attacks are the most widespread. “These kinds of attacks are very cheap social engineering techniques, but still, they’re very efficient,” he added.

But when the stakes are higher and users begin using better security practices, malware-based attacks are likely to become more common, he cautioned. On mobile phones, whether it’s an Android phone or an iPhone, “it’s very difficult to have secure applications,” according to Guillemet.
