Vxlabs Reveals Jaxx Wallet “Vulnerability”

A report by Dr. Charl Botha of vxlabs raises concerns about the security of Jaxx, a “permissionless,” multi-chain wallet.

On June 9, 2017, Dr. Charl Botha, owner and software engineer at vxlabs, published a brief analysis of the 12-word backup phrase used to restore Jaxx wallets. Botha positively identified the vulnerability on the Jaxx Chrome extension v1.2.17 and the Jaxx Linux desktop app 1.2.13. The Jaxx wallet does not need to be running for this weakness to be exposed.

Botha said the primary problem is that Jaxx encrypts the 12-word phrase using a “hard-coded encryption key.” With relatively straightforward code, the phrase can be decrypted from local storage.

“Even when your Jaxx has a security PIN configured, anyone with 20 seconds of (network) access to your PC can extract your 12 word backup phrase and copy it down,” writes Botha. “With the 12 word backup phrase, they can later restore your wallet, including all of your private keys, on their own computers, and then proceed to transfer away all of your cryptocurrency.”

On Sunday, June 11, Jaxx CTO Nilang Vyas commented on Reddit to address customer concerns.

“We are very comfortable with this security model for hotwallets,” writes Vyas. “The fact is there will always be tradeoffs between user experience, portability and security and we believe we’ve struck a great balance.”

Today, tenuous reports circulated claiming that Jaxx users have lost $400,000 to theft. Jaxx’s director of business and community development, Charlie Shrem, told ETHNews he categorically denies this allegation:

“There is no vulnerability, no one lost funds here. The author of the article basically says that someone can retrieve your 12 word backup seed if they have access to your device. If you aren’t securing your device (pin, password, encryption, etc) how can you blame JAXX if someone steals your unsecured device and steals your money?

Do other wallets secure better? Yes! Can we do a better job? Yes! We are, and we have solutions for all security related matters including this one such as double encryption.”

These assurances did not allay Botha’s concerns. In a statement to ETHNews, Botha voiced his fears.

“I don’t understand why Jaxx has not committed to the short-term improvement of implementing a user-supplied passphrase for backup phrase (mnemonic) encryption for their desktop / chrome extension products. This would really not be difficult to do, but it would reduce user risk significantly.”

Botha notes that Exodus (a competing multi-currency app) utilizes this additional layer of security.

“All Jaxx desktop users currently run the risk of malware (we saw how rapidly WannaCry spread; also think of various large botnets) or a malicious person lifting their wallet backup phrases. With the increasing amount of value in cryptocurrency, the cost of this risk realizing is significant.”

Cryptocurrency ownership is like defensive driving. Wallet vulnerabilities demand vigilance.
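The contrast between the hard-coded key the report describes and the user-supplied passphrase Botha asks for, as an added example (not code from Jaxx, vxlabs or this article). The key, mnemonic, passphrase and function names are all constructed, and AES-256-GCM with scrypt is an illustrative choice the article does not specify.

```javascript
// Added example: constructed values throughout, not Jaxx's code or key.
const crypto = require('node:crypto');

// Weak pattern: the key is a constant shipped with the application, so it is
// identical on every install and independent of any PIN the user sets.
const HARDCODED_KEY = crypto.createHash('sha256')
  .update('constructed-app-constant').digest();

// scrypt cost parameters (assumed values; tune for the target hardware).
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Authenticated encryption of the backup phrase under a 32-byte key.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]).toString('utf8');
}

// Hardened pattern: the key is derived from a passphrase only the user knows,
// with a random per-wallet salt stored next to the ciphertext.
function sealWithPassphrase(passphrase, plaintext) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(passphrase, salt, 32, SCRYPT);
  return { salt, ...seal(key, plaintext) };
}

// Returns the phrase, or null when the passphrase is wrong (GCM tag mismatch).
function unsealWithPassphrase(passphrase, box) {
  const key = crypto.scryptSync(passphrase, box.salt, 32, SCRYPT);
  try { return unseal(key, box); } catch { return null; }
}

// Constructed 12-word phrase (not a valid wallet mnemonic).
const PHRASE = 'alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima';

// With the hard-coded key, reading the stored record needs no user secret.
const weakRecord = seal(HARDCODED_KEY, PHRASE);
console.log('hard-coded key opens record:', unseal(HARDCODED_KEY, weakRecord) === PHRASE);

// With a passphrase-derived key, the stored record alone is not enough.
const strongRecord = sealWithPassphrase('constructed user passphrase', PHRASE);
console.log('wrong passphrase:', unsealWithPassphrase('guess', strongRecord));
```

A passphrase-derived key protects the record at rest only; malware that captures the passphrase while the user types it is outside what this change addresses.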

Matthew is a writer living in Los Angeles. He studied international economics at Georgetown University. Matthew is a full-time staff writer for ETHNews and holds value in Ether.
