Cointelegraph interviewed Charles Guillemet, Ledger’s CTO, to learn more about this Best practices for securing cryptocurrencies for average users.
Ledger is a major manufacturer of hardware wallets that store cryptocurrency seeds on a dedicated device. As Guillemet explained Hardware wallets protect against possible malware on the user’s computer or mobile device. The transaction is both stored and signed in the wallet, ensuring that the starting value is never seen by the device to which it is connected.
Ledger uses a chip based on Secure Element technology (which corresponds to them). It is an ideal protection against physical manipulation.
Samsung’s recent initiatives to integrate similar technologies into its blockchain phones They promise to make smartphones as secure as hardware walletsbut Guillemet warned that You will not solve all problems.
The use remains unsafe
Guillemet said manufacturers can use hardware to make cryptocurrency storage more secure by using a technology called an integrated secure element:
“There is no debate about storage. The semen is in this safe element and is very comparable to the safe element that you can find in the [Ledger] Nano S. “
However, the proposal changes when the secure item needs to be unlocked to complete a transaction. The problem is the screen of the phone, on which Android does not guarantee that the data shown on it is correct – a function called “Trusted display”. (Trust screen in Spanish).
This opens the way to a sneaky malware attack:
“They would say, ‘Okay, I’m going to send a Bitcoin to that particular person.’ […] The case is that you can add malware that swaps the address to which you want to make a transaction with another and shows you the address to which you think you want to send“”
Ledger’s wallets, on the other hand, were developed with the necessary functionality of Trusted Display, said Guillemet.
Should we be worried about malware?
Guillemet found that phishing and SIM swap attacks are currently the most common. “”These types of attacks are very cheap social engineering techniques, but they are still very efficient.“he added.
However, if the risks are higher and users use better security practices, malware-based attacks are likely to be more common, he warned. On mobile phones, it doesn’t matter whether it’s an Android or an iPhone. “It is very difficult to have secure applications“after Guillemet.