Security Analysis of the IOTA Trinity Wallet

Comprehensive security analysis of IOTA wallet Desktop app

1 Introduction

A security assessment of the desktop version of the IOTA “Trinity” wallet project was carried out by accessec GmbH between July 2nd and July 14th 2018. The aim of the assessment was to review the current security posture of the Trinity wallet app on the desktop platform. Following a “best practice” approach and drawing on the expert experience of the accessec security team, accessec's acta® methodology, the Open Web Application Security Project (OWASP) Mobile Security Testing Guide and the SANS Guide for Mobile AppSec Verification were used to set up the test structure.

The assessment itself was carried out by accessec GmbH based on the abbreviated version of the acta® and SANS approaches, with a focus on the Open Web Application Security Project (OWASP) Mobile Security Testing Guide, as only a reduced set of test cases was needed to assess the security of the Trinity wallet. The assessment involved both static and dynamic analysis of current versions of the wallet.

1.1 Purpose of this report

The IOTA Foundation has provided a basic GUI interface to enable seamless and secure machine-to-machine interactions and transactions on the network. Some users then asked for a redesign of the wallet to deal with some of the issues they face. For that reason, the IOTA Foundation decided to satisfy the users' wishes by redeveloping the IOTA GUI wallet. However, significant changes have been made to the design over the last couple of months. To ensure that the Trinity wallet meets security expectations, IOTA hired an external security audit company, accessec, to check the Android, iOS and desktop Trinity wallet apps for security vulnerabilities before releasing them to the public. This report contains a summary of the findings from the security audit and details how these findings lead to changes in the Trinity wallet applications to mitigate the issues that were identified.

[…]

4. Conclusion and recommendations

All issues identified during the first analysis of the Trinity wallet have been solved or remediated as far as the analysis has shown. We wish the IOTA Foundation and the Trinity wallet much success and continued growth of the community.


This post was originally published on files.iota.org.
