The TRONLink wallet has really poor encryption, according to Taurus CSO Jean-Philippe Aumasson, who revealed that the wallet uses a common but weak form of encryption, as we are about to read in the Tron news today.
According to Aumasson, the TRONLink wallet has a weak level of encryption, so if an attack were to happen, a victim’s TRON cryptocurrency could be jeopardized. Jean-Philippe Aumasson is the CSO and co-founder of Taurus, the popular Swiss fintech company specializing in secure digital infrastructure for cryptocurrencies and digital assets. He discovered a potential vulnerability in the TRONLink wallet yesterday.
The blockchain platform TRON has previously been criticized for not taking security issues seriously. In early 2018, there were claims that TRON had plagiarized its whitepaper. The alleged vulnerability sits in the underlying code of the TRON wallet, and according to Aumasson it went undetected:
“[These are] basic shortcomings in crypto that any competent auditor would have spotted.”
The mnemonic is a list of 12 words that can be turned into a private key that controls some cryptocurrency. Aumasson claimed that TRONLink’s mnemonics are poorly encrypted:
“Looks like the official Tron wallet uses AES-ECB to encrypt the 12-word mnemonic.”
Check new progresses on #TronLink🚀🚀
1⃣️Android v3.7.5 is already released
2⃣️@JustWrapper is officially launched on #TronLink Android app
3⃣️iOS new version is in development now…..
⬇️Learn more https://t.co/LubXYNXflv
— TronLink (@TronLinkWallet) September 28, 2020
AES-ECB refers to the AES cipher in ECB (Electronic Codebook) mode, which is used to encrypt the mnemonic. This is a poor choice because ECB mode fails to protect encrypted data successfully:
“The ECB mode treats each data block independently, whereas there should be some correlation between the blocks in order to guarantee the higher form of security.”
ECB has long been criticized by multiple security researchers as a weak form of encryption. The cybersecurity firm NotSoSecure described it this way:
“ECB is the simplest and a popular encryption mode, but at the same time, quite weak.”
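Added example (not from the article and not TronLink's code): the block independence described above, measured with Node's built-in crypto module on a constructed sample. The random key, the sample string, the helper names and the AES-GCM comparison are assumptions chosen for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const BLOCK = 16; // AES block size in bytes

// Constructed sample (not a real mnemonic): three identical 16-byte blocks
// followed by one different block, 64 bytes in total.
const SAMPLE = Buffer.from('abandon abandon '.repeat(3) + 'about zoo wrong ', 'utf8');

// AES-256 in ECB mode: no IV, every block encrypted on its own.
function encryptEcb(key, plaintext) {
  const c = nodeCrypto.createCipheriv('aes-256-ecb', key, null);
  return Buffer.concat([c.update(plaintext), c.final()]);
}

// AES-256-GCM with a fresh random nonce, used here only as a comparison.
function encryptGcm(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

// Audit check: count ciphertext blocks that duplicate an earlier block.
// Any non-zero result on stored data is a strong hint that ECB was used.
function repeatedBlocks(ciphertext) {
  const seen = new Set();
  let repeats = 0;
  for (let i = 0; i + BLOCK <= ciphertext.length; i += BLOCK) {
    const hex = ciphertext.subarray(i, i + BLOCK).toString('hex');
    if (seen.has(hex)) repeats++;
    else seen.add(hex);
  }
  return repeats;
}

// Encrypt the same sample twice under one key in each mode and compare.
function demo() {
  const key = nodeCrypto.randomBytes(32); // constructed key for the demo
  const ecb1 = encryptEcb(key, SAMPLE), ecb2 = encryptEcb(key, SAMPLE);
  const gcm1 = encryptGcm(key, SAMPLE), gcm2 = encryptGcm(key, SAMPLE);
  return {
    ecbRepeats: repeatedBlocks(ecb1),          // equal plaintext blocks show up
    ecbDeterministic: ecb1.equals(ecb2),       // same input, same ciphertext
    gcmRepeats: repeatedBlocks(gcm1.body),     // no visible repetition
    gcmDeterministic: gcm1.body.equals(gcm2.body),
  };
}
```

With ECB the repeated plaintext blocks stay visible in the ciphertext and the whole ciphertext is identical on every run, which is the property the quotes criticize.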
The attack would have to happen locally on the victim’s own device, because this is not a problem with the blockchain network, which can be accessed from anywhere. If successful, the hacker would be able to access the victim’s TRON cryptocurrency and send it to their own address. While Aumasson acknowledged that this doesn’t affect the holders of the cryptocurrency, it affects those who use this wallet. If Aumasson is right, TRON holders may want to take precautionary action, as he suggested:
“I’d encourage Tron holders to a) ensure that the issue is mitigated by the wallet developers in the next release, b) ensure that they have strong passwords, c) consider alternative wallet applications.”