Open Response to Blind Signature Vulnerability
Background
It was publicly claimed that all Tezos wallets suffer from a serious security vulnerability, including Kukai wallet.
Attack
Blind signature attack — An attacker compromises public rpc nodes and counterfeit operation data. If the client blindly trusts the node, user funds could be lost at a wide scale.
Demo
Protection
Kukai wallet considers all operation bytes returned from the forge rpc call as untrusted. The operation bytes are parsed so it could be validated against the initial operation that the client asked the rpc node to forge. Any manipulation will be detected, leading to an exception being thrown and the user being informed about the failed client-side validation.
Conclusion
Kukai wallet is not vulnerable to the blind sig attack. This attack vector was identified and mitigated before the wallet was first released to the public in summer of 2018. We always welcome a public debate about security. We, however, strongly believe that security best practice of 90 days notification before any responsible public disclosure should be followed in order to protect the end users while improving overall tezos ecosystem security. Basic testing would have shown that Kukai wallet is not vulnerable to this attack. We have put great care into designing and building the wallet with a security-first approach. Our code is open-source and, as always, we welcome pull requests and all other forms of contribution.
In case you have any doubts or concerns regarding the integrity of your Kukai wallet, please contact us on our riot channel.
