We are currently accepting article submissions for free.

Protecting a Hot Wallet Service

bg-top

While the user holding the device can be sure that no transaction is authorised unless they provide their password, a weakness in all this is that they get no indication of what they are authorising. They are viewing details of the transaction using their computer, and in theory the unique identity of this is what they are authorising, but the computer’s software could instead provide the identity of some other transaction and the user would be unaware of this at the time. In addition, if the password is entered into the device via the computer, it is possible for the software to authorise several transactions without the user knowing while the device is plugged in.

However, attacks like this would require a degree of sophistication and as soon as one user detects a discrepancy in their transaction record it is likely that an investigation would reveal the attack and it would be stopped. So, to be an effective attack, it would have to be targeted at a single high-worth user or coordinated over many users. A coordinated attack must be delivered to large numbers of users and remain hidden before striking simultaneously against any device that is online, which makes it difficult to do.

SHARE POST:
Recently Published