In the last couple of years, the number of blockchain services and products continues to sky rocket. The fact that there is no centralized server needed makes it very attractive for many companies to jump into the blockchain business. Decentralized Apps (DApps) and wallets are thriving to become part of our everyday life, yet, often face usability and scalability obstacles. Creating a wallet to manage cryptocurrencies, or sending and receiving a cryptocurrency is not an easy task for normal users. User interaction is even harder when a user needs or wants to use a desktop wallet or a separate hardware wallet for key management.
Interestingly, many of the Decentralized Apps look very similar to the mobile apps that we use today, except for the fact that in the background, instead of using a centralized and private server, DApps run on the blockchain network. This leads us to conclude that in order to speed up the expansion of the blockchain ecosystem, it is critical to safely bring the blockchain technology onto mobile.
When bringing blockchain technology onto mobile, there are inevitable security threats and vulnerabilities. Security measures to keep blockchain technology secure, yet transparent, etc. all have been integrated throughout the blockchain technology. Thus, the main concern is not the blockchain technology itself, but rather the mobile environment that the blockchain technology is executed in.
Because the wallet is the interface that signs and submits the transaction, it is often the main target for hackers. Since it is impossible to reverse a transaction that has been submitted, it is never enough to emphasize the importance of keeping and using the private key in a safe environment.
Possible attacks to extort the private key include malicious software that physically looks exactly the same as the screen where the user needs to enter the 12 to 24 Mnemonic Words to recover a wallet. Or create and show a malicious screen that suddenly asks the user to enter such crypto secrets in order to proceed with signing a transaction. Phishing, even crypto secrets, can all lead to the user losing the private key, an access to all the cryptocurrencies, and cryptoassets.
The display can also be maliciously modified so that user confirms and signs a fake transaction. For example, the address of the recipient displayed on the user’s screen could be maliciously modified so that user sends the cryptocurrency to the attacker, not to the intended recipient. Without any security measures to check the integrity of the transaction by the wallet, the user can sign and submit the transaction unconsciously.
These malicious attacks can result in the user losing a tremendous amount of cryptocurrencies or sending a crypto-asset to the attacker. Worst of all, the nature of blockchain makes it hard to track the attackers, and the user may never find out who caused the attack and stole the crypto assets.
To address these security threats and vulnerabilities mentioned, Samsung Blockchain Keystore thoroughly evaluated and prioritized various security features, and came with the conclusion that the following qualities need to be supported in order to be a “good” blockchain wallet.
In the blockchain network, the sensitive information in the transaction should never be tampered with. Sensitive information, especially used for user’s confirmation, must be shown on a safe and secure display.
What the user enters into the screen should be protected, and guaranteed to be not spoofed. Extremely sensitive information, such as the 12 to 24 Mnemonic Words that are equivalent to the user’s private key, or entering PIN as a means of user authentication, all must be done in a secure environment.
The cryptographic secrets to sign a transaction implies both user’s identity and user’s confirmation. Hence, they must be completely isolated from other normal apps and such environment that can be susceptible to malwares.
The environment where the user is creating a new wallet, or signing a transaction, etc. must all be executed in a secure environment. These should not be mixed with apps running in REE (Rich Execution Environment), where Android OS runs and also the environment that is vulnerable to remote attacks.