In a blog post in July, a Samsung author claimed that smartphone-based cryptocurrency wallets have the “edge.” The Next Web has since asked security experts for their views, and they don’t entirely agree.
Samsung suggested that “smartphones have the best security for blockchain and cryptocurrency.” The author, Joel Snyder, puts this down to smartphone (and Samsung) Trusted Execution Environments (TEEs). Snyder explained:
The TEE is a separate execution environment with its own memory and persistent storage, completely isolated from the rest of the device.
Smartphones are Better Than Laptops
If a wallet runs the right “trustlets” to manage security keys “security is seriously tight,” says Snyder. Laptops don’t run TEEs so it’s argued that versus smartphones, smartphones edge out as a better choice.
The Next Web spoke to a handful of experts. This includes Bitcoin$7006.84 -0.71% developer Jameson Lopp who agrees that TEEs give security benefits, but that attacks can happen elsewhere in the software stack. Lopp says:
Malware can affect other critical components of the wallet operation while creating a transaction, resulting in the funds being send to an attacker’s address.
Lopp would only keep as much cryptocurrency in a single signature smartphone wallet as he’d keep in a conventional cash wallet.
Matthew Green, a Johns Hopkins cryptography professor, also agrees that TEEs are a “good thing” and make “hacker’s jobs more difficult.” But, when an application makes a request to a TEE like “send Bitcoins to a specific person,” the TEE protects the keys. However, sophisticated malware might be able to compromise the application. Green said:
Even obvious countermeasures like requiring a password only help a little, since a particularly sophisticated piece of malware can just wait for you to enter the password in order to make a legitimate transaction.
The quality of TEEs can be an issue, security issues have been identified even in those developed by Qualcomm and Trustzone.
For smartphones, constantly being connected to Wi-Fi networks, also increases risks.
Hardware Wallets are the Best
F-Secure security expert Mikko Hyppönen also told The Next Web’s Hard Fork that smartphones are practical for trading and those with TEE would “clearly” be better than using a PC or Mac. For storing large amounts of cryptocurrency he recommends using a specialized cryptocurrency hardware wallet, as does Lopp.
Snyder, in the Samsung blog post, acknowledges that hardware wallets are better for “long-term cold (offline) storage,” but lack convenience, so are “poorly adapted for frequent use.”
In summary, smartphones running TEEs are better for storing cryptocurrencies than laptops, PCs, or Macs. For long-term or high-value storage, cryptocurrency hardware wallets are certainly the best solution.