Obviously, we are going to see BLOCKCHAIN PHONES in the near future. Although the term still remains a bit vague, the Sirin Labs Finney and the HTC Exodus are expected by the end of the year, both with their own. Phil Chen from HTC, who is pioneering the Exodus development, has started to talk about the most important trick of the Exodus, which is protecting your cryptocurrencies.
Naturally, the Exodus is more than a storage tool. Chen, HTC’s decentralized chief officer, says, “A few years down the road, we see a world where people own their own identities and data, where everyone understands the concept and economics of digital property.” For now, the target population of the Exodus is mainly concerned with its function as a hardware wallet.
This has been an unanswered question until today. In the end, stockpiling digital currencies in a smartphone may not be a good idea. Android phones in particular have their own vulnerabilities, resulting in a wide variety of malware and other threats. As you may be aware, or may have learned the hard way, smartphones are prone to getting lost or stolen, which is not ideal for a digital bank vault.
Over-protective cryptocurrency investors tend to keep their assets in offline cold storage wallets, since the internet connection alone is an obvious threat. Some richer enthusiasts go to the extreme of storing cryptocurrencies in physical vaults surrounded by Faraday shields.
By contrast, storing your cryptocurrencies, and hence the private keys that give access to them, on your Android phone is somewhat like keeping all your gold on top of your desk instead of in the drawers underneath, and then putting the desk in a shopping mall.
According to Matthew Green, a cryptographer from Johns Hopkins University who is affiliated with the privacy-oriented cryptocurrency Zcash: “Phones are very promiscuous in the sense that they transfer a lot of data, they connect to a lot of networks, we install third-party apps on them. They can be made relatively secure, but they’re not the safest thing to carry around a lot of money.” “And if you’re not carrying a lot of money, you don’t need a special phone.”
Chen, who is bound to centralized exchanges like Coinbase, says that millions of people are already using these software wallets. According to Chen, “What’s obvious in the old internet model, is centralized cloud systems are very hackable.” “Centralized honeypots are continually hacked. The concentration of data in walled gardens increases the cost of security.”
The HTC Exodus aims at a different compromise. Although it differs significantly from cold storage, its users are in a somewhat stronger position because they hold their own keys. To this end, it partially uses TrustZone, an ARM chip, as a trusted execution zone for storage. The secure enclave sits outside the operating system, which allows it to protect its precious load under critical circumstances. It is like a panic room for smartphones.
The concept is not new: Intel launched an example for PCs some time ago, and the biometric data you use to unlock your iPhone, your fingerprint and face, is protected by one of these. Studios and similar actors have also been locking DRM-protected content with TrustZone for years.
It is better than nothing, and HTC prefers it for building up its own solution from scratch. However, it would be a mistake to think that TrustZone is the ultimate security tool for everything. According to Simha Sethumadhavan, a computer scientist from Columbia University, “If somebody claims something is secure, a lot of people try to poke into it.” “Over the years there have been several attacks on TrustZone.”
Sethumadhavan is one of them: he worked with Adriana Tang and Salvatore Stolfo on research, published last year, on changing the code running in the secure medium while avoiding breaking the security of TrustZone.
Frankly speaking, TrustZone mostly works as advertised, but such attacks are not easy to avoid. According to Sethumadhavan, “It does significantly raise the bar for the attacker.” He adds, “It’s better than putting it in the insecure world, for sure,” referring to the Android operating system in a wider sense.
Surprisingly, Chen accepts the notion of compromise. “There’s no such thing as 100 percent security: It’s always a balance between security and usability.” “We’re still at the very early stages of educating users that this is not a 100 percent secure solution, but as of right now it’s the best so far. It’s our attempt to do something that’s best from the market.”
According to Chen, to make people believe that ARM and the chipmaker Qualcomm will be able to meet their security promises, HTC should definitely announce it, if everything does not become open source. For a solid HTC Exodus, he knows that they need the support of cryptographers and the wider cryptocurrency community. Chen: “It’s really a beta.” “We’re still targeting the 30-35 million people that have software wallets, and this is a much better solution than that.”
Chen doesn’t say that the Exodus is safer than cold storage, but he emphasizes that it is highly useful compared to cold storage. Cold storage actually means connecting a specific hard drive to a laptop over USB and then dealing with a non-user-friendly interface.
Besides, the HTC Exodus has a new way to recover your keys, like some words that must be entered when you can’t access your wallet. If you really want to lose everything, you can try losing both the wallet and the recovery keys.
This is refreshing with regard to smartphones, which you replace every couple of years, if you haven’t lost or broken one in the meantime.
To be bullet-proof, HTC proposes the following: your key can be split into parts and shared with your family or friends. To this end, they would all download and use a specific app. You don’t need their help for transactions, but if you lose your phone, you will need them. Chen: “It revolves around this fundamental principle of users owning their keys. I do want to stress that this is a very, very difficult problem. People aren’t used to owning their keys. People are used to calling up Apple or Google.”
The HTC Exodus philosophy is definitely in line with users sharing their keys with their families and friends. However, there are risks as well: what happens if you fall out with one of your friends, or if they replace their phone or remove the app? Is there any backup for this backup?
Actually not yet. Chen: “This is the 1.0 version.” “There are other backup plans that we’ve thought of, but they’re not part of the solution yet.”
This seems dull but better than nothing. Under similar circumstances with a cold storage wallet or the Sirin Labs Finney blockchain phone, you mostly don’t have any such options.
There are still a number of questions about the HTC Exodus, particularly about how the company plans, over the long haul, to address people’s need to relate to their cryptocurrencies, their data, and their identities. The blockchain smartphone may turn the world into another place, although HTC is not done with it yet. Still, the company is trying to address some unanswered security questions, which is well received.