Last days a Swiss cryptographer Jean-Philippe Aumasson has tweeted a post putting TronLink's Android mobile wallet encryption security to a shame.
The Co-Founder of Swiss company Taurus has claimed putting only 20 minutes of effort into finding that the encryption being used for encrypting the 12 word mnemonic phrase is simply too weak.
The encryption being used by TronLink's Android wallet is currently AES-ECB which has been deemed as security incompliant for many years. Recently Zoom has been heavily scrutinised with a long report coming as post mortem of the online meetings hacks, with the company highlighting how their engineering management has violated industry standards which impacted the product security. One of the biggest highlights was the encryption, which coincidentally is the same insecure standard that TronLink's Android wallet currently uses.
The below is a graphical demonstration highlighting the efficiency of the cryptographical algorithm mode in stream encryption, hopefully giving you an idea of how weak it is.
The early reports however seem to calm the situation a bit down in that the attack to be successful would have to happen on the victim's device and do re-assure that the security vulnerability does not lie within Tron's Network, rather in the TronLink's Android wallet.
It is always best to stay slightly cautios, with all the security vulnerabilities surfacing in the past months such as the Android Firefox bug allowing hijacking mobile browsers having an attacker combine those vulnerabilities could end up in sad days for some of us.
- Zerologon vulnerability exploitation on the rise
- Cyber Threat On The Rise
- Firefox bug allows hijacking mobile browsers
- Zerologon Vulnerability
Ongoing crypto free earn campaigns:
- Coinbase Learn & Earn up to $60 of Compound
- Coinbase Learn & Earn up to $50 of EOS
- Coinbase Learn & Earn up to $50 of XLM
Ongoing crypto non-free earn campaigns:
- Crypto.com $50 of CRO once 1000 CRO staked