Ledger CTO Explains Why Smartphones Won’t Ever Be Fully Safe for Using Crypto

Recent developments led by some smartphone manufacturers aim to use hardware to make the system more secure, but it won’t protect from all attacks, cautions Ledger’s CTO.

Cointelegraph interviewed the CTO of Ledger, Charles Guillemet, to learn more about the best practices in securing cryptocurrencies for average users.

Ledger is a major producer of hardware wallets, which store cryptocurrency seeds on a dedicated device. As Guillemet explained, hardware wallets protect against possible malware on the user’s computer or mobile device. Both storage and transaction signing are performed on the wallet, which makes sure that the seed is never seen by the device it’s connected to.

Ledger uses a chip based on Secure Element technology, which he says is an ideal protection against physical tampering. 

Recent moves by Samsung to integrate similar technology in their blockchain-enabled phones carry the promise of making smartphones just as safe as hardware wallets, but Guillemet warned that they won’t solve every problem.

Usage is still unsafe

Guillemet said that manufacturers can use hardware to make cryptocurrency storage safer, by using a technology called integrated secure element:

“In terms of storage, there is no debate. The seed is inside this secure element, and it is very comparable to the secure element that you can find in the [Ledger] Nano S.”

But the proposition changes when the secure element must be unlocked to make a transaction. The problem is the display of the phone, where Android does not give any guarantees that the data shown on it will be accurate — a feature called “Trusted Display.”

That opens the path to a sneaky malware attack:

“You would say, ‘Okay, I’m sending one Bitcoin to this specific person.’ […] The thing is that you can add malware which will swap the address to which you want to make a transaction with another one, and display to you the address you think you’re about to send to.”

Ledger’s wallets, on the other hand, were developed with the necessary Trusted Display feature, said Guillemet.

Should you worry about malware?

Guillemet noted that right now, phishing attacks and SIM swapping attacks are the most widespread. “These kinds of attacks are very cheap social engineering techniques, but still, they’re very efficient,” he added.

But when the stakes are higher and users begin using better security practices, malware-based attacks are likely to become more common, he cautioned. On mobile phones, no matter if it’s an Android or an iPhone phone, “it’s very difficult to have secure applications,” according to Guillemet.