Samsung S10 crypto wallet

[Radiante]

Who cares, who would trust his/her cryptos to a Samsung device? Keep using cold storage, or open source software

[1714048139]

1714048139

[gentlemand]

Confirmed - https://news.samsung.com/global/samsung-raises-the-bar-with-galaxy-s10-more-screen-cameras-and-choices

No details, but the interesting thing is the wording. It makes no mention of a wallet, just pure private key storage.

I'm going to guess that Samsung don't want anything to do with running an actual wallet. That's a ton of work and hassle with no upside. I think they're going to let wallet developers interact with what you have stored in your phone which means it's possible you'll be able to store anything in there provided someone develops it.

Let's see what details arrive next.

[vit05]

Confirmed - https://news.samsung.com/global/samsung-raises-the-bar-with-galaxy-s10-more-screen-cameras-and-choices

No details, but the interesting thing is the wording. It makes no mention of a wallet, just pure private key storage.

I'm going to guess that Samsung don't want anything to do with running an actual wallet. That's a ton of work and hassle with no upside. I think they're going to let wallet developers interact with what you have stored in your phone which means it's possible you'll be able to store anything in there provided someone develops it.

Let's see what details arrive next.

It will be at least curious. It seems to be a new approach. Any technology related to tap to pay will be massively used in the next few years. As some are joking, the only use of the fiat on paper will be for criminal activity.

I believe they can still offer a Wallet, but as software. In this description, they talk more about the hardware. That is, the Samsung Knox will be superior protection than those offered by any software. Maybe very similar to the traditional hardware wallets.

[gentlemand]

I believe they can still offer a Wallet, but as software. In this description, they talk more about the hardware. That is, the Samsung Knox will be superior protection than those offered by any software. Maybe very similar to the traditional hardware wallets.

Well I'm sceptical about Samsung themselves running a wallet. You have nodes, maintenance, keeping on top of forks, upgrades. If I were them I'd much rather leave the actual operation to other parties who are interested in doing it.

Look at the amount of hassle Ledger and Trezor get from their users regarding firmware, forks and adding projects. I can't see Samsung bothering to engage with users like that, and users won't put up with faceless masters.

Much better for them to plop a storage solution down and let the rest of the world make something of it. It sounds like they're rolling out soon so we'll get the juicy gossip rapidly.

Edit - tutorial type thing in this video - https://twitter.com/BlockchainROK/status/1098417940167221248?s=20

It looks rather wallet esque after all. And they have a weird ETH fixation.

[KingZee]

I believe they can still offer a Wallet, but as software. In this description, they talk more about the hardware. That is, the Samsung Knox will be superior protection than those offered by any software. Maybe very similar to the traditional hardware wallets.

Well I'm sceptical about Samsung themselves running a wallet. You have nodes, maintenance, keeping on top of forks, upgrades. If I were them I'd much rather leave the actual operation to other parties who are interested in doing it.

What parties? You're SERIOUSLY SERIOUSLY undetmining the workforce of samsung. Theg're a multimillion dollar company that have to work on massive codebases constantly to come up with improvements. They know Android and linux like the back of their pockets, and on every new phone come up with new software to remain competitive. Who exactly are you nominating here as "other parties"? Almost all wallets are open source projects maintained by a group of fanatics that definitely know what they're doing, but probably never witnessed even near the amount of stress and competition as the smartphone market.

Look at the amount of hassle Ledger and Trezor get from their users regarding firmware, forks and adding projects. I can't see Samsung bothering to engage with users like that, and users won't put up with faceless masters.

Ledger and Trezor dont only worry about firmware, they're hardware wallets. Standalone chips which JOB is to be as secure as possible against a multitude of attack vectors. This samsung wallet is the equivalent of installing electrum on your linux. Android is the OS, and the rest is just software. Anyone can build it, and all it has to do is its function.

[gentlemand]

What parties? You're SERIOUSLY SERIOUSLY undetmining the workforce of samsung.

Hello, Samsung CEO.

Considering how happy Samsung are to abandon upgrading the OS of most of their devices, the core system that makes it all possible where vulnerabilities could pop up at any moment, then I would not trust them to stay on top of how manic crypto is.

[KingZee]

What parties? You're SERIOUSLY SERIOUSLY undetmining the workforce of samsung.

Hello, Samsung CEO.

Considering how happy Samsung are to abandon upgrading the OS of most of their devices, the core system that makes it all possible where vulnerabilities could pop up at any moment, then I would not trust them to stay on top of how manic crypto is.

I don't understand what you mean. Source?

If you're talking about Android versions, it's simply because older smartphones can't run new android versions. This is a hardware limitation.

But saying you don't trust Samsung "to stay on top of how manic crypto is" is just naive. Forget crypto, do you even know how much data they have on their hands?

Every samsung phone comes with extra drivers, features & settings, themes and software specific to samsung. Samsung Knox which existed for years now is their solution for encrypting data, which is the one that will include the crypto wallets. Every Samsung phone gives you access to creating a Samsung account, where your data becomes linked to. This could include your media, applications, and probably usage statistics and creepy tracking data. And don't even get me started on software like Samsung Pay, Samsung VR, and things like linking your phone to your Samsung TV and similar proprietary solutions.

The amount of codebase AND data that Samsung has to maintain is way larger than any "blockchain developer" out there. Even the amount of users is probably tens to a hundred times more.

"You have nodes, maintenance, keeping on top of forks, upgrades. If I were them I'd much rather leave the actual operation to other parties who are interested in doing it." This sounds like sarcasm more than anything. Samsung could hire a single senior dev that worked on blockchain and within 6 months probably come up with their own crypto coded from scratch. And you're telling me that they're going to have a hard time maintaining a crypto wallet? What?

[gentlemand]

https://www.coindesk.com/hands-on-preview-of-samsungs-galaxy-s10-phone-reveals-new-crypto-details

More of a preview here. The security set up doesn't sound like what we all know and love. It's looking like a pass to me.


'The S10 allows users to store private keys either in the secure enclave or via a third-party service, the terms indicate.

But what do you do about your private keys if you lose your phone? According to the T&Cs, the private keys stored in the S10’s Keystore are backed up in a personal account provided by Samsung. If the phone is lost or stolen, users can access the device and delete the private key through its Find My Mobile service. Further, if a private key is accidentally deleted, users can restore it via the service.

Centralizing key storage in this way is bound to raise questions about security and it remains to be seen what would happen if someone gained access to your Find My Mobile service and if Samsung might provide further protections.'

[o_e_l_e_o]

-snip-

So just like Coinbase's new wallet feature, it's all backed up to a cloud server, protected by a simple user defined (and therefore horrendously weak in >95% of cases) password. Absolutely awful.

If this is true, then this is worse than just installing a normal software wallet like Coinomi on your phone. At least with a software wallet, you phone actually has to be stolen or compromised first. With a cloud back up, your keys and coins could be gone while you sleep. I don't have a Samsung account, but what are the recovery methods? If someone hacks your email, or convinces your phone company to transfer your number (happens way more than you would think), then presumably they can just reset your Samsung account password and then use that to get your private keys?

I'm disappointed to say the least.

[gentlemand]

I'm disappointed to say the least.

I'd love to know how much research they put into it and who and what advised them. Perhaps it's dripping with disclaimers and tutorials. We'll have to wait for a non Korean who knows their stuff to have a look.

[StartupAnalyst]

Just leave it here.

[HeRetiK]

I kinda got excited by Samsung starting to provide secure hardware elements which would make for other interesting use cases outside of crypto-currencies as well (eg. 2FA), alas...

According to the T&Cs, the private keys stored in the S10’s Keystore are backed up in a personal account provided by Samsung. If the phone is lost or stolen, users can access the device and delete the private key through its Find My Mobile service. Further, if a private key is accidentally deleted, users can restore it via the service.

Dagnabbit!

Obviously you need some way to enable private key backups but cloud storage is one of the most unfortunate ways to do it and leads the whole idea of secure key storage at absurdum.

[KingZee]

I kinda got excited by Samsung starting to provide secure hardware elements which would make for other interesting use cases outside of crypto-currencies as well (eg. 2FA), alas...

According to the T&Cs, the private keys stored in the S10’s Keystore are backed up in a personal account provided by Samsung. If the phone is lost or stolen, users can access the device and delete the private key through its Find My Mobile service. Further, if a private key is accidentally deleted, users can restore it via the service.

Dagnabbit!

Obviously you need some way to enable private key backups but cloud storage is one of the most unfortunate ways to do it and leads the whole idea of secure key storage at absurdum.

It might be an opt-in. It already is for all Cloud services available for Samsung. If some users feel too insecure or like having some backup for their own clumsiness, why not..

I'm honestly a bit sad about the whole skepticism from most of the community here and on reddit. Like.. guys, it's either this, or NO crypto wallet built-into a phone purchased by millions.. The crushing majority of the people who are going to buy/pre-order the S10 haven't and would have probably never even considered touching crypto. This is one of the biggest leaps towards mass adoption I have seen in years..

[o_e_l_e_o]

I'm honestly a bit sad about the whole skepticism from most of the community here and on reddit. Like.. guys, it's either this, or NO crypto wallet built-into a phone purchased by millions.

Don't get me wrong - I'm obviously pretty excited that they have a built in crypto wallet, and yes, this might pique the interest of quite a few people who would otherwise never have heard of crypto or never have bothered to look in to it seriously. I'm just disappointed that they are doing it in this way.

As you say, this will be many people's first exposure to a crypto wallet, and so teaching them that cloud storage back-ups protected by a simple 8 character password is a good idea is, well, a bad idea. They could quite easily have offered a wallet with no such feature. I suspect the reason they are doing it is for their own safety, rather than their customers' - I'm sure they know how careless the average person is, and they don't want to have to deal with all that bad press of people losing their coins forever and blaming it on Samsung.

[KingZee]

They could quite easily have offered a wallet with no such feature. I suspect the reason they are doing it is for their own safety, rather than their customers' - I'm sure they know how careless the average person is, and they don't want to have to deal with all that bad press of people losing their coins forever and blaming it on Samsung.

Exactly. The most probable course of action they're going to take is to let advanced users choose whether to back up their keys on the cloud or not, and for less knowledgable users, well, why not give them a "technically" less secure option as their data could theoretically be accessed by a third party online, but considering they're very likely to mess up and lose their keys otherwise, it's probably the most secure option for them.

Either way this could trigger a pretty big chain reaction if the target customer-base decides to embrace crypto and have it go viral.

[gentlemand]

I'm just disappointed that they are doing it in this way.

How a crypto wallet is 'supposed' to operate is still to play for. It's early in the game and the current way things operate might be fine for the weirdos like us who've been here forever. Not so for the rest yet to come.

I'm not sure how Samsung can impress on people what can go wrong while still maintaining painlessness.

Presumably at some point they're going to issue some press releases about this. Then we may get a sense of how they arrived at this apparent set up.

[HeRetiK]

It might be an opt-in. It already is for all Cloud services available for Samsung. If some users feel too insecure or like having some backup for their own clumsiness, why not..

Keep in mind that being able to back up private keys to cloud services implies that there's a way to access the stored private keys at the software level. Accordingly the private key storage may be exploitable regardless of whether a user opts-out of the cloud service backup or not. That's an attack vector that does not exist for the current generation of hardware wallets (at least the most popular ones).

Don't get me wrong, this is huge news for adoption. But assuming Samsung officially communicates a level of security akin to established hardware wallets we are looking at a potential security mess in the making.

But we'll see, I guess. For all we know this might all be a dud with them merely supporting their own Samsung-ERC20-token.

[KingZee]

Keep in mind that being able to back up private keys to cloud services implies that there's a way to access the stored private keys at the software level. Accordingly the private key storage may be exploitable regardless of whether a user opts-out of the cloud service backup or not. That's an attack vector that does not exist for the current generation of hardware wallets (at least the most popular ones).

It's very unlikely they're storing the plain private keys... Maybe the encrypted wallet file or such... But maybe you're right, and that's definitely going to get a lot of people to try and reverse engineer their way to get to them. But at this point it's just speculation until the phone is out. We can only wait and see.

[gentlemand]

https://www.cryptoglobe.com/latest/2019/02/samsung-galaxy-s10-reportedly-supporting-btc-eth-and-ltc-via-enjin-crypto-wallet/

It says there that it's the Enjin crypto wallet that Samsung has preinstalled. I've never head of it myself but it's had good reviews in other incarnations.

https://enjinwallet.io

[HeRetiK]

https://www.cryptoglobe.com/latest/2019/02/samsung-galaxy-s10-reportedly-supporting-btc-eth-and-ltc-via-enjin-crypto-wallet/

It says there that it's the Enjin crypto wallet that Samsung has preinstalled. I've never head of it myself but it's had good reviews in other incarnations.

https://enjinwallet.io

The market already reacted to this news, Enjin Coin just made a huge jump. Not bad for a vaguely known alt, if that's really happening it looks like they got a pretty good deal.

Keep in mind that being able to back up private keys to cloud services implies that there's a way to access the stored private keys at the software level. Accordingly the private key storage may be exploitable regardless of whether a user opts-out of the cloud service backup or not. That's an attack vector that does not exist for the current generation of hardware wallets (at least the most popular ones).

It's very unlikely they're storing the plain private keys... Maybe the encrypted wallet file or such... But maybe you're right, and that's definitely going to get a lot of people to try and reverse engineer their way to get to them. But at this point it's just speculation until the phone is out. We can only wait and see.

Which would put them at the security level of regular desktop and mobile wallets, but not hardware wallets. But yes, we'll see. Definitely worth keeping an eye on regardless.