Cointime

CertiK reveals critical vulnerability in mobile device Trusted Execution Environment (TEE)

CertiK tested devices equipped with dedicated TEE-based wallets and found a major vulnerability in the trusted execution environment (TEE) of mobile devices. The TEE has always been considered the ultimate defense for device security: when a wallet is set up in the device's "secure mode", users must enter a PIN code to access the TEE wallet. However, CertiK's test results show that attackers can easily extract the PIN code stored in the TEE, then access the wallet and obtain the private key, successfully stealing assets. The manufacturer of the test device quickly contacted CertiK and fixed the problem with the TEE seed library in the latest version. CertiK emphasized that Web3 users must remain highly vigilant and guard against implementation flaws in security measures, and that, when necessary, they should seek professional third-party security audits and technologies to protect their assets.
