Bitcoin Forum

Bitcoin => Wallet software => Topic started by: Yaunfitda on September 28, 2017, 11:48:16 PM



Title: Coinomi: Vulnerability discovered
Post by: Yaunfitda on September 28, 2017, 11:48:16 PM
Hello guys,

Looks like someone has found a security flaw in the Coinomi wallet. So please be careful using it. The person who found it says that it uses non-SSL connections to broadcast transactions, which can be decoded and seen in plain text:

https://www.reddit.com/r/Bitcoin/comments/72lmql/security_warning_coinomi_wallet_transmits_all/



Title: Re: Coinomi: Vulnerability discovered
Post by: aplistir on September 29, 2017, 10:06:31 AM
Thanks for the info.

Luckily this won't endanger your private keys, but it does leak all the addresses you have in your wallet.


Title: Re: Coinomi: Vulnerability discovered
Post by: HCP on September 29, 2017, 11:12:17 AM
And potentially other information... remember, no SSL means all your communication to the server is in plaintext... anyone along the network path can inspect the data packets and capture the data.

Coinomi haven't exactly done themselves any favours with the way the whole situation has been handled either :-\


Title: Re: Coinomi: Vulnerability discovered
Post by: Kemarit on September 29, 2017, 12:00:35 PM
There is also another thread discussing the said vulnerability:

https://bitcointalk.org/index.php?topic=2215088.0

And I put in as much detail as I can regarding it. Even some members had just installed it.

Quote from: HCP on September 29, 2017, 11:12:17 AM
And potentially other information... remember, no SSL means all your communication to the server is in plaintext... anyone along the network path can inspect the data packets and capture the data.

Coinomi haven't exactly done themselves any favours with the way the whole situation has been handled either :-\

Yes, we don't want our bitcoin addresses exposed, and as I have said, we need this to be fixed ASAP. Others might take advantage of this situation. I don't like how they handled this situation either. Let's see how things develop.


Title: Re: Coinomi: Vulnerability discovered
Post by: jossiel on October 03, 2017, 02:28:58 PM
Thanks for the update. I'm not up to date on these things; though I'm not using them, I'm also worried about those people who are using Coinomi, including my friends.

Reading those comments on reddit, I just noticed why Coinomi needed to block the person who decoded and saw this vulnerability.

Why don't they want to disclose this to their users? They don't want to lose thousands of their users.

Quote from: Kemarit on September 29, 2017, 12:00:35 PM
I don't like either how they handled this situation.

Probably they don't want to be embarrassed. 


Title: Re: Coinomi: Vulnerability discovered
Post by: Yaunfitda on October 05, 2017, 01:18:02 AM
It is still unresolved as of today. I haven't seen any tweets from them. So either they have totally ignored the issues found, or they are fixing it but haven't released it yet because they are testing it. I'm still reluctant to use it until the issue is solved. Although there are no reported hacks, there is a possibility that it can happen because it's broadcasting in plain text, meaning not secured.


Title: Re: Coinomi: Vulnerability discovered
Post by: pooya87 on October 05, 2017, 05:37:38 AM
Quote from: Yaunfitda on September 28, 2017, 11:48:16 PM
~ using non-SSL to broadcast transaction which can be decoded and seen in plain text ~

There is absolutely nothing wrong with broadcasting transactions without encryption. In fact, I believe no wallet uses any sort of encryption for broadcasting transactions.

This is about everything else that is being communicated, as others said, such as your bitcoin addresses and the block headers you receive from the Electrum servers Coinomi connects to.
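What a passive observer on the network path actually learns from plaintext Electrum-style traffic, as an added example that is not code from this thread, from Coinomi or from the Electrum project. The sample client stream is constructed here in the Electrum protocol's newline-delimited JSON-RPC shape (the method names are real Electrum protocol methods, but Coinomi's exact wire format is not shown in this thread and is an assumption). It illustrates the distinction made in the post above: a broadcast raw transaction is public data once relayed, while address and scripthash queries reveal the wallet's addresses to anyone sniffing the path. The server-string check at the end follows the Electrum client's own `host:port:proto` convention (`s` for SSL/TLS, `t` for plain TCP) and is likewise an assumption about how a wallet's server list might be expressed.

```python
"""Classify what a sniffer sees on a plaintext Electrum-protocol connection.

Added example, not from the thread or from any wallet's code base. The
sample stream below is CONSTRUCTED: a few JSON-RPC requests in the shape of
the Electrum protocol, one per line, as a client would send them.
"""
import json

# Constructed sample of a client-to-server stream on a plain TCP (non-SSL)
# connection. Addresses are arbitrary well-known example addresses; the raw
# transaction hex is a placeholder, not a real transaction.
SAMPLE_CLIENT_STREAM = "\n".join([
    json.dumps({"id": 0, "method": "server.version", "params": ["1.0", "1.0"]}),
    json.dumps({"id": 1, "method": "blockchain.headers.subscribe", "params": []}),
    json.dumps({"id": 2, "method": "blockchain.address.subscribe",
                "params": ["1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"]}),
    json.dumps({"id": 3, "method": "blockchain.address.subscribe",
                "params": ["3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"]}),
    json.dumps({"id": 4, "method": "blockchain.transaction.broadcast",
                "params": ["0100000000010000000000000000"]}),  # placeholder hex
]) + "\n"

# Anything keyed on an address or scripthash tells the observer which
# outputs belong to this wallet (a scripthash is derivable from a candidate
# address, so it leaks just as much to anyone with an address list).
WALLET_METHOD_PREFIXES = ("blockchain.address.", "blockchain.scripthash.")

# Chain data that is public anyway; a signed transaction becomes public the
# moment the server relays it, so its contents are not a secret.
PUBLIC_METHODS = {
    "blockchain.headers.subscribe",
    "blockchain.block.get_header",
    "blockchain.transaction.broadcast",
    "blockchain.transaction.get",
    "blockchain.estimatefee",
    "blockchain.relayfee",
}

# Reveals which client software / protocol version is talking, nothing more.
FINGERPRINT_METHODS = {"server.version", "server.banner", "server.peers.subscribe"}


def parse_stream(stream):
    """Split a newline-delimited JSON-RPC client stream into request dicts.

    Blank lines and lines that are not a JSON object carrying a string
    'method' are skipped, so a partially captured stream still parses.
    """
    requests = []
    for line in stream.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except ValueError:
            continue
        if isinstance(obj, dict) and isinstance(obj.get("method"), str):
            requests.append(obj)
    return requests


def classify(request):
    """Return LEAKS_WALLET, PUBLIC, FINGERPRINT or UNKNOWN for one request."""
    method = request["method"]
    if method.startswith(WALLET_METHOD_PREFIXES):
        return "LEAKS_WALLET"
    if method in PUBLIC_METHODS:
        return "PUBLIC"
    if method in FINGERPRINT_METHODS:
        return "FINGERPRINT"
    return "UNKNOWN"


def leaked_identifiers(stream):
    """Addresses / scripthashes an on-path observer can read out of the stream."""
    found = []
    for req in parse_stream(stream):
        if classify(req) == "LEAKS_WALLET":
            params = req.get("params") or []
            if params and isinstance(params[0], str):
                found.append(params[0])
    return found


def summarize(stream):
    """Count requests per category, e.g. {'LEAKS_WALLET': 2, 'PUBLIC': 2, ...}."""
    counts = {}
    for req in parse_stream(stream):
        category = classify(req)
        counts[category] = counts.get(category, 0) + 1
    return counts


def server_spec_uses_tls(spec):
    """Electrum-client style 'host:port:proto' string: 's' = SSL/TLS, 't' = plain TCP.

    Assumed convention for the check; raises on anything else so a typo is
    not silently treated as 'secure'.
    """
    parts = spec.rsplit(":", 2)
    if len(parts) != 3:
        raise ValueError("expected host:port:proto, got %r" % spec)
    proto = parts[2].lower()
    if proto not in ("s", "t"):
        raise ValueError("unknown proto flag %r" % proto)
    return proto == "s"


if __name__ == "__main__":
    print("categories:", summarize(SAMPLE_CLIENT_STREAM))
    print("wallet identifiers visible to a sniffer:", leaked_identifiers(SAMPLE_CLIENT_STREAM))
    for spec in ("electrum.example.org:50002:s", "electrum.example.org:50001:t"):
        print(spec, "-> TLS" if server_spec_uses_tls(spec) else "-> PLAINTEXT")
```

Run as-is it reports two public requests (the header subscription and the broadcast), one fingerprinting request and two requests that hand the observer the wallet's addresses; only the last category is what the thread is worried about, and wrapping the same stream in TLS (the `:s` ports in Electrum's convention) is what hides it.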


Title: Re: Coinomi: Vulnerability discovered
Post by: Coinomi on October 05, 2017, 09:34:14 PM
We put Coinomi to the test and found that connections to the back-end servers are secured with SSL.


Title: Re: Coinomi: Vulnerability discovered
Post by: jakagintiri on October 27, 2017, 04:32:55 PM
Would it be safe? Because I do not know.
I am also a user of the Coinomi app.