|
niko (OP)
|
 |
April 04, 2013, 06:35:46 PM |
|
How likely are my coins to get stolen from the bitcoin spinner running on a non-rooted android phone? I am perfectly content with the security of my paper wallets, but am getting tired of printing, cutting, laminating with Al foil inserts, and redeeming private keys whenever I need to spend a portion of my savings. Bitcoin spinner is convenient, but how secure is it? Can you provide examples of any past exploits (wallet stealers) on Android devices?
|
They're there, in their room.
Your mining rig is on fire, yet you're very calm.
|
|
|
Mike Hearn
Legendary
 Offline
Activity: 1526
Merit: 1134
|
|
April 06, 2013, 01:16:15 PM |
|
What model of phone do you have?
The Nexus phones are pretty secure and you probably don't need to worry about it. Samsung Galaxy phones have had a series of extremely bad security holes that it took them months to patch. So it can vary quite wildly.
|
|
|
|
|
RodeoX
Legendary
Offline
Activity: 3066
Merit: 1147
The revolution will be monetized!
|
|
April 06, 2013, 01:36:10 PM |
|
There are other things that could mitigate or reduce risk. - You could only keep only a small amount accessible on your phone. Perhaps less than the value of the phone itself?
- You could pay for VPN service. Last week I was in Oman and could connect to public wifi with confidence, knowing I had an encrypted and anonymized connection.
- You could also ask your provider if they can further secure your phone. It may come at the cost of shutting off services, but maybe the phone can be hardened as a target.
|
|
|
|
|
niko (OP)
|
|
April 06, 2013, 05:19:39 PM |
|
What model of phone do you have?
The Nexus phones are pretty secure and you probably don't need to worry about it. Samsung Galaxy phones have had a series of extremely bad security holes that it took them months to patch. So it can vary quite wildly.
It's a samsung galaxy note, still on the Canadian Telus' ICS. RodeoX: good suggestions, I'll check with the provider about hardening the device. |
They're there, in their room.
Your mining rig is on fire, yet you're very calm.
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1134
|
|
April 06, 2013, 07:39:14 PM |
|
You should check the firmware release to see if it still has /dev/exynos-mem type holes. Otherwise we can't say for sure. I'd not trust any Samsung OS by this point, they have released serious mistakes too often and clearly have some systematic issue with making secure software. You could maybe reflash it to some other firmware, but that'd break your warrantee.
|
|
|
|
|
|
Teka
|
|
April 06, 2013, 07:41:31 PM |
|
I have a nexus 7 (tablet) it's my wallet storage device and I've decided to encrypt it using the stock android encryption option. Does anyone now how secure the stock android encryption is?
|
|
|
|
|
MysteryMiner
Legendary
Offline
Activity: 1512
Merit: 1049
Death to enemies!
|
|
April 07, 2013, 10:36:51 PM |
|
I would not consider mobile phone to be secure device at all. I don't know is there a government backdoor in it or not. Encrypting something that have totally closed and proprietary hardware in it makes no sense. Increases risk of data loss if password is forgotten or encryption or hardware malfunctions.
For small amounts it might be OK but don't expect security or privacy. PC FTW!
|
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
|
|
|
|
|
MysteryMiner
Legendary
Offline
Activity: 1512
Merit: 1049
Death to enemies!
|
|
April 08, 2013, 01:18:29 AM |
|
And what about how proprietary hardware does upon receiving something from air? I messed with phone repairs some time ago and I it never ended to surprise me how many things are wrongly done or are completely undocumented by manufacturer.
|
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
|
|
|
|
tiberiandusk
|
|
April 08, 2013, 01:23:11 AM |
|
Newer versions of android let you encrypt the entire phone. I just flashed my old Mesmerize to 4.2.2 and it has an encryption option. Other than that just make sure you use something like Lookout and don't install apps from strange sites or with crazy permission requests.
|
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
April 08, 2013, 01:32:42 AM |
|
I would not consider mobile phone to be secure device at all. I don't know is there a government backdoor in it or not. Encrypting something that have totally closed and proprietary hardware in it makes no sense. Increases risk of data loss if password is forgotten or encryption or hardware malfunctions.
For small amounts it might be OK but don't expect security or privacy. PC FTW!
the government isnt going to steal a couple of bitcoins from anyones phones. |
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited? |
|
|
|
niko (OP)
|
|
April 08, 2013, 08:37:10 PM |
|
I would not consider mobile phone to be secure device at all. I don't know is there a government backdoor in it or not. Encrypting something that have totally closed and proprietary hardware in it makes no sense. Increases risk of data loss if password is forgotten or encryption or hardware malfunctions.
For small amounts it might be OK but don't expect security or privacy. PC FTW!
I feel that the attack surface on a non-rooted android phone I use is much smaller than the attack surface on the PC I use. Again, can someone point to documented cases of past wallet stealers on Android? I've never seen one, and I've seen many on PCs. |
They're there, in their room.
Your mining rig is on fire, yet you're very calm.
|
|
|
RodeoX
Legendary
Offline
Activity: 3066
Merit: 1147
The revolution will be monetized!
|
|
April 09, 2013, 01:26:14 PM |
|
When they come out I'm getting one of these! http://www.ubuntu.com/devices/phoneI think it could be secured very well, but I'm not positive about that. Hopefully these will be fully unlocked and configurable. |
|
|
|
|
