Security Analysis of the IOTA Trinity Wallet
Comprehensive security analysis of IOTA wallet Desktop app
A security assessment for the IOTA “Trinity” wallet project desktop version was carried out by accessec GmbH between July 2nd and July 14th 2018. The target of the assessment was to review the current security posture of the Trinity wallet app on the desktop platform. With a “best practice” approach and the expert experience of the accessec security team, accessec's acta® methodology, the Open Web Application Security Project (OWASP) Mobile Security Testing Guide and the SANS Guide for Mobile AppSec Verification were used to set up the test structure.
The assessment itself was carried out by accessec GmbH based on the abbreviated version of the acta® and SANS approaches with a focus on the Open Web Application Security Project (OWASP) Mobile Security Testing Guide, as only a reduced set of test cases was needed to assess the security of the Trinity wallet. The assessment involved both static and dynamic analysis of current versions of the wallet.
1.1 Purpose of this report
The IOTA Foundation has provided a basic GUI interface to enable seamless and secure machine-to-machine interactions and transactions on the network. Some users then asked for a redesign of the wallet to deal with some of the issues they face. For that reason, the IOTA Foundation decided to satisfy the desire of the users by redeveloping the IOTA GUI wallet. However, significant changes have been made to the design over the last couple of months. To ensure that the Trinity wallet meets security expectations, IOTA hired an external security audit company, accessec, to check the Android, iOS and desktop Trinity wallet apps for security vulnerabilities before releasing them to the public. This report contains a summary of the findings from the security audit and details how these findings led to changes in the Trinity wallet applications to mitigate the issues that were identified.
4. Conclusion and recommendations
All issues identified during the first analysis of the Trinity wallet have been solved or remediated as far as the analysis has shown. We wish the IOTA Foundation and the Trinity wallet much success and continued growth of the community.