At first glance, the smartphone-based hardware wallet is an attractive idea. Because smartphones are used globally, such solutions might give crypto adoption a great boost. Despite that support, the approach raises some plain security questions.
Samsung claims that its smartphones provide the best features for crypto security. In a 2018 post, the firm described its devices as "the best approach to short-term and medium-term storage" for crypto private keys. But experts should raise some serious questions.
Are "Trusted Environments" truly secure?
With crypto wallets, security mostly depends on the safe storage of the private keys linked with transactions.
This is where Trusted Execution Environments (TEEs) come into the picture. A TEE is a hardware-based, isolated computing environment with its own memory and storage space, which the smartphone's OS can never access. Authorized access to a TEE goes through a secure API, which makes use of "trustlets", small apps that run within the TEE.
By utilizing these trustlets for private key management, smartphone wallets can achieve a high degree of security at a theoretical level.
Smartphone involvement is not good for security
TEEs may be isolated from the device's main OS; however, due to the nature of the platform on which they run, they are still vulnerable to various potential attack vectors.
Specialized apps can be programmed to make payments via the TEE when the user uses them. However, the apps must be able to communicate with the TEE in order to be of any use.
Requiring a password in the security chain does not remove the risk. Matthew Green, a cryptography professor at Johns Hopkins University, said, "A particularly sophisticated piece of malware can just wait for you to enter the password in order to make a legitimate transaction," and then re-use your password for fraudulent ones.
Moreover, the question of quality can't be neglected. Security issues have also been found in the TEEs of some of the top makers.
A large number of users keep their mobile devices connected to the Internet or Wi-Fi networks all the time, which increases the risk of potential threats.
Can Blockchain solve the security flaws?
One solution to these security problems could involve augmenting legacy systems with blockchain-based security. HTC's first effort to build a blockchain-based smartphone, Exodus, put the privacy-related capabilities of DLT to use and added a second OS that runs alongside Android.
Exodus runs dApps which remove the security flaws found in traditional apps. But keep in mind that the security of dApps depends fully on the goals and intentions of those who make these apps.
On the Exodus phone, Zion, a hardware wallet app available on the phone, is said to be fully secure. Users who lose their private keys can use the social recovery function to recover their funds.
Smartphone with Blockchain OS
XPhone, made by PundiX, makes a great effort to use blockchain. XPhone is backed by Function X, a blockchain-based OS. The phone itself contains a blockchain node, and hence it doesn't depend on centralized mobile carriers to perform its tasks. XPhone can be used to make calls via normal cellular networks; however, it also has a blockchain call feature.
XPhone might be considered a revolutionary phone, as it offers a lot of benefits. A platform like Function X removes all the security flaws present in a full-fledged mobile OS like Android. Function X also provides features such as private messaging and data transmission, thus providing great security to blockchain-based smartphones.
Lastly, blockchain technology is still looking to solve all the security issues present in the smartphone wallet. However, blockchain phones with security and all the features of a smartphone might launch in the near future.