maybe new attack -- another app on the same device captures keystrokes

OpenBitcoinPrivacyProject / wallet-ratings

Criteria for evaluating Bitcoin wallets' privacy properties.

GNU General Public License v2.0

47 stars 10 forks source link

maybe new attack -- another app on the same device captures keystrokes #118

Open kristovatlas opened 8 years ago

kristovatlas commented 8 years ago

this is particularly easy to do with a malicious keyboard app on Android, I think.

A countermeasure might be enforcing that the standard system keyboard is in use, or avoiding having the user type in data relevant to their transactions, such as their backup mnemonic.

Referernce: https://medium.com/@paullinator/why-a-12-word-mnemonic-is-an-insecure-bitcoin-wallet-backup-d56085da6c8d#.asyvg5yhg

kristovatlas commented 8 years ago

I would suggest we postpone this to the 4th edition.