New iPhone Hack Impacts 1 BILLION Apple Users, And What It Means For Your Crypto.
How A Huge iPhone Vulnerability Holds A Crucial Morale For Cryptocurrency Investors.
- On August 30th 2019, Google’s “Project Zero” team warned about a serious vulnerability potentially impacting over 1 BILLION Apple users.
- At least five different exploit chains have been identified, ranging from iOS10 to even the latest iOS12.
- Allegedly, an attack could access photos and messages, steal login credentials and banking passwords, and access location information.
- The morale for crypto investors: it is not safe to keep your private keys on an exchange, your smartphone, in an application or web browser, and yes: not even on a USB or Bluetooth based hardware wallet.
- To truly secure your crypto, you have to not only generate your private keys offline, but also never expose your private keys afterwards, ever.
- NGRAVE has been working on a truly — 100% — offline hardware wallet for a while now, and will soon unveil it: The NGRAVE ZERO.
1 Billion iPhone Users
“Apple users are still reeling from the shocking disclosure by Google’s Project Zero team that a number of “hacked websites” have been used to attack iPhones for two years. And every single up-to-date iPhone has been / is vulnerable. Now, two days later, those same 1 billion users face further damning revelations”, writes Zak Doffman of Forbes on September 1st 2019.
Given the sophistication and scale involved, it is very likely that a nation-sponsored threat actor is involved. The nation likely China, the primary target the Uighur community in the Xinjiang state. Apparently the culprits have gotten away with this for 2 years now, as disclosed by Google.
“There was no target discrimination,” Google said of the hack, “simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.” “In a heartbeat, the researchers had pricked the bubble of Apple’s supposed security superiority,” Doffman writes.
Google’s research team uncovered at least five different iPhone exploit chains, ranging from iOS10 to the latest iOS12. Allegedly, an attack could access photos and messages, steal login credentials and banking passwords, and even access location information.
What The iPhone Hack Means For Cryptocurrency Investors
While this likely has many repercussions amongst which potentially a severe undermining of the Apple brand, it also bears an important morale for cryptocurrency investors. Safekeeping your crypto on your smartphone, on an app, on an exchange, or anywhere else where an online connection is involved, is without exception A SECURITY RISK. Even if you think it’s safe, think again.
There is one thing only you can do if you want to rest assured your crypto are truly immune to online vulnerabilities. And that is going completely, 100%, offline. That doesn’t have to mean you can no longer consult your account history in real time, or manage your wallet by receiving or sending transactions. What it does mean is that the secret access keys to your crypto accounts need to be not only generated offline, but also kept offline at all times. The only type of device that could do this is one without any network capabilities. As the Stuxnet virus — first uncovered in 2010 — confirms, even a USB connection is more than enough to go as far as cause substantial damage to a whole nation’s nuclear program.
The NGRAVE ZERO
We hear you thinking either a) “yeah, so you’re talking about a cryptocurrency hardware wallet?”, or b) “such a thing doesn’t exist?”.
To answer a), existing hardware wallets typically rely on either USB or BLE, both having their own proven vulnerabilities. To answer b), well — as a matter of fact, such a solution does exist. And it’s called the NGRAVE ZERO. The whole reason why we built it is all of the above. (As a side note, the ironic twist that Google’s team disclosing the vulnerability is called “Project Zero”, is purely coincidental and has no link to NGRAVE naming its hardware wallet the NGRAVE ZERO.)
A 100% Offline Cryptocurrency Hardware Wallet
The NGRAVE ZERO is a 100% offline cryptocurrency hardware wallet without any network capabilities whatsoever. As such, it is immune to any remote and online attack vectors. The NGRAVE team designed and developed it from scratch in close collaboration with the world leading R&D and innovation hub for nano-electronics and chip manufacturing imec, and with world leading experts in applied industrial cryptography and hardware security, the COSIC Group (also the minds behind AES256 — the data encryption standard used for encrypting US Government top secrets information). The reason to develop it from the ground up is to make the device physically impenetrable for potential attackers. Fun fact, COSIC has hacked the Tesla cars not only last year September, but again just a few days ago.
NGRAVE has defined and implemented a whole new security framework. As NGRAVE aims to be as open source as possible, the white paper can be found through the following link:
The exposed Apple vulnerability confirms what has been confirmed time and time again. The internet is full of malicious threats. Once you establish an online connection, you open the Box of Pandora and hackers can try to attack you. For crypto investors, the morale is this: if you truly wish to keep your crypto safe, you need to protect your private keys as much as possible. The best way to do so is to generate them offline and keep them there. NGRAVE provides a secure end-to-end solution for the self-sovereign management of your digital assets, including your cryptocurrencies.
Learn more about our mission to eradicate the loss and the malicious hacking of your crypto: