Android Security, Zero Day Vulnerability, and Bitcoin Key Protection
Safety of the Bitcoin protocol is one of its defining features, and one of the main selling points. Crypto-connoisseurs praise and sprinkle holy water on the protocol when pitching the technology. It is true, though. The protocol is practically inviolable. It cannot easily be hacked. It cannot easily be tampered with. It is insulated by its distributed nature. However, […]
Safety of the Bitcoin protocol is one of its defining features, and one of the main selling points. Crypto-connoisseurs praise and sprinkle holy water on the protocol when pitching the technology. It is true, though. The protocol is practically inviolable. It cannot easily be hacked. It cannot easily be tampered with. It is insulated by its distributed nature. However, hackers can gain access to wallets, which store private keys.
If a hacker accessed a backdoor on a cellular device, he could bypass security and control the Bitcoin wallet. Matter of fact, depending on the nature of the entryway, he could gain access to a number of applications and even spy on the user with the user being none the wiser.
This backdoor breach is called a zero day vulnerability. It is a security issue where a piece of software contains a hole that hackers can exploit. A paper was just released by a research duo in Washington D.C. that suggested the Android platform suffers from this vulnerability. It is a CVE-2014-3153 proof of concept, which is vulnerability in Android’s certificate class.
The article on Hackread.com explained it:
“The CVE-2014-3153 zero-day vulnerability can easily be exploited by attackers as all they need is an entry point into the Android device. That is because they just need to inject a tiny snippet of code to enhance the privileges of an app. That tiny piece of code could be hidden in any low-level app or a game they would like. They may also host it on Play Store.”
Various sources have already been warning Android Bitcoin users to be careful. If their wallets were accessed by a hacker who took advantage of this exploit, he could steal funds by sending them to his wallet. But bitcoiners can protect themselves. They must not install unknown or unregistered apps, because they could contain software failure and holes. Android users should also make sure their platform is constantly updated.
Hot VS Cold Wallets
For extra security, serious bitcoiners, savers, and investors should use alternative place to store wallets. They should possess a “hot wallet” for spending, and a “cold wallet” for storage. The hot wallet would contain the everyday funds, which would be a trivial amount. It would not contain so much money that a loss would spell financial devastation. On the other hand, cold wallets would be used to store life savings, investment monies, and other large amounts.
Hot wallets are generally mobile wallets and other online wallets. They touch the internet often and are vulnerable to malware and cyber attacks. They should be lightly filled with Bitcoin, and spent regularly. Think of them like a real, physical wallet. No sane person walks around with 300 thousand dollars in their billfold. Thus, online and cellular wallets are the billfolds of the bitcoin world; they contain less money.
Cold wallets do not touch the internet often, and money is seldom transmitted to and from them. They are used to store large amounts of Bitcoin, maybe even millions worth. Paper wallets, nano-ledgers, and other small devices perform the storage duties. Paper wallets might be more secure, though. Just make sure the private keys are protected and these paper wallets do not fall into the wrong hands. They should be kept in a safe, vault, or somewhere equally secure–maybe even buried in the desert after the fact.
Practice Responsibility; Enemies are Everywhere
The issues presented above illustrate important lessons for handling Bitcoin. Like anything else in the digital world, the reality of fraud and other attacks must be considered. The problem is that most people have relied on banks to protect their money, and they have forgotten how to protect it themselves. Cryptocurrency, however, demands that people learn to guard their money, and be their own banks. It is their sole responsibility now.
There is another important reason why protecting keys is good practice. It teaches people to protect their money from governments, as well as from hackers. Governments will be the group of individuals who want to get a hold of private keys more than anyone, and they may be willing to use zero day vulnerabilities to access them. Some people trust governments, but that mentality is changing. Politicians and other bureaucrats will do anything to keep their power, and this includes having control over money, and using violence to acquire it. The bitcoiner should be wary of everyone, then, especially phony and evil politicians. The political elite should be on the top of the watch list. Generally, it is the ones that pretend to be friends who stab people in the back and rifle their pockets. In this sense, the politicians will be as bad as the everyday thief-hackers.
Store bitcoin safely, and know thy enemies…or everyday will be a zero day vulnerability.
How can Bitcoin technology further address these inherent weaknesses in the wallet system?
Image Sources: youtube.com, scmagazine.com, cryptocompare.com, bitcoininvestmentcorp.com