The current year alone has reported crypto thefts of over $761 million, and security in blockchain networks is now an absolutely critical topic being discussed upon, with special consideration given to finding out what might be the best and safest way to store virtual money on decentralised networks. According to Samsung, this solution might just be the smartphone.
In an Insights blog post last month, Samsung explained that smartphones indeed have the best security for cryptos and digital assets. In the article, author Joel Snyder stated that modern smartphones, including Samsung’s, come pre-installed with Trusted Execution Environments (TEEs). Such environments are properly suited to store crypto assets and blockchains.
TEEs are part of the phone’s hardware. However, they are kept completely isolated from the other phone systems and the main processor through firewalls. The only means of access to the information stored there are “trustlets”, which are small-sized apps designed to access specific data stored in TEEs, by using dedicated and supposedly secure APIs. Snyder explained, “The Android OS can’t reach into the TEE, even if the former is completely compromised.”
He then continued, “With a properly written wallet that uses trustlets to manage the keys, security is seriously tight. If those private keys are in the TEE and only accessible via a trustlet, there’s no possible way the malware can extract the keys directly. And with platforms like Samsung Knox that wrap additional protections on the TEE on top of the normal Android features, the keys are even better protected.”
This is essentially the upper hand smartphones have over laptops. Since laptops don’t have TEEs, wallet software stored in them become much more vulnerable to malware threats.
However, just the presence of TEEs doesn’t mean that smartphones are completely secure from attacks.
While the company is correct to say that TEEs indeed improve security, the extra complications that come with them also open up avenues for several brand new attacks on smartphones, many of which would probably not even be possible on standard hardware wallets specialised for the purpose.
Bitcoin developer Jameson Lopp explained that custom wallet hardware like Ledger and Trezor have been installed with very minimal features, which would inturn reduce the number of attack openings. This would in-turn be safer than any of the crypto wallets running on a full-fledged operating system.