Ledger’s CTO warns that recent changes to increase smartphone security by large tech companies will not protect users from attacks.
In short:
Crypto safety of the average user
Charles Guillemet, Director of Technology at Ledger, one of the larger hardware wallet companies, explained how they protect users from malware. The cryptocurrencies are stored and transactions are signed in the hardware wallet, assuring the owner that the seed will never be visible through the device to which it is connected.
Problems on the way of giants
Ledger uses a chip based on the innovative Secure Element technology, which according to Charles is an ideal form of protection against physical manipulation.
Samsung has recently tried to integrate similar technology into its flagship phones with blockchain, carrying the promise of a smartphone as safe as the hardware wallet. Despite such optimistic words from the technological giant, Guillemet warns that this will not solve security problems as much as the hardware wallets do.
Phone or hardware wallet?
Ledger’s CTO said that hardware manufacturers can use Secure Element technology to make cryptographic memory safer. According to the hardware portfolio company, when it comes to crypto storage in phones, there is no debate, the grain is in the Secure Element just like in Ledger Nano S wallet.
The problem only appears when you need to unlock a secure element and make a transaction. The phone’s display on the Android doesn’t give any guarantee that the data displayed on it will be accurate, and this opens the path to malicious attacks using malware.
For example, someone would like to send BTC to a specific person, and the malware could change the address of the person with whom you will eventually make the transaction without your knowledge. For this reason, Ledger’s wallets have been developed with the necessary Trusted Display function to ensure that such situations do not occur.
Should we be worried about malware?
According to Charles Guillemet, at this point in time the most popular and, in addition, the cheapest method of covert scam is phishing attacks, in which the criminal impersonates another person or institution in order to scam confidential information. Attacks using social engineering techniques are currently the most frequently used due to their high effectiveness and ease.
Malware attacks are quite rare, but when the stakes are high, criminals can use it to steal large amounts of crypto. According to Guillemet, it is very difficult to be completely safe on smartphones, whether they are based on Android or IOS.
