
Preventing a Man-in-the-Middle Hack

This is part five of a Crypto Safety Series detailing common and preventable hacks that you need to know.
#cobo vault #hackseries • October 31, 2018


Are you a fan of online transactions? Be it cash or cryptocurrencies, do you ever wonder how secure your transaction is? In this article, we will be exploring man-in-the-middle hacks!

What is a Man-in-the-Middle hack?

A man-in-the-middle hack is when a hacker intercepts communications between systems. Imagine Jay wants to transfer 5 BTC to Ned. A hacker manages to intercept the transfer communication and changes Ned’s wallet address to his own. To make Jay believe that he is transferring to Ned, the hacker also manipulates what Jay sees on his screen, so Jay is shown a transfer to Ned’s wallet address. Believing that the transfer is “correct”, Jay then proceeds to sign the transaction. As a result, the bitcoins are sent to the hacker (poor Ned).

How do hackers do that?

One common way hackers accomplish man-in-the-middle hacks is by setting up free (but malicious) Wi-Fi hotspots for “Wi-Fi eavesdropping.” Public Wi-Fi networks can also be a good tool for hackers, as they usually have a low-security setup, which makes them easy to exploit. If the Wi-Fi network has been compromised, hackers will be able to see all your online activities. One example happened in 2016, when a reporter was hacked by a white hat hacker after connecting to airport Wi-Fi.¹

Another example is the use of Near-Field Communication (NFC). In 2016, security researchers discovered several vulnerabilities in Samsung Pay, an NFC-based payment tool. Among other vulnerabilities, researchers revealed that hackers could use an interception app to clone the authentication token used to verify that the transaction is a legitimate request.² With the token in hand, hackers could use that user’s Samsung Pay account to make a purchase anywhere within 24 hours.

How does Cobo Vault prevent Man-in-the-Middle hacks?

In designing Cobo Vault, we realized that as long as there is some sort of connection or signal transmission, it can be intercepted. Therefore, Cobo Vault is designed as a cold device with no WiFi, Bluetooth, USB, or 3G/4G capability.

To communicate, Cobo Vault uses QR code technology. Man-in-the-middle hacks cannot be executed in this scenario because information is transmitted using a camera and encrypted QR codes. Moreover, hackers will not be able to intercept any connection since there won’t be a connection! You may be wondering how Cobo Vault can be upgraded if there is no USB, WiFi, mobile network, Bluetooth, or NFC. For this, a TF card is used. Firmware updates are downloaded from the official website and copied onto a TF card. The TF card is then inserted into the Cobo Vault and the firmware update is completed. Since root permissions and installation of third-party apps are disabled, TF card updates are safe as well.
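
One check a signing device can apply to the Jay and Ned scenario is to decode the destination from the request it is asked to sign and compare it with the address Jay confirmed with Ned out of band. The sketch below is an added example, not Cobo Vault code; the JSON request format, the function names and the sample addresses are assumptions made for illustration.

```python
# Added example: request format and function names are hypothetical.
import hashlib
import json

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58check_encode(payload: bytes) -> str:
    """Append the 4-byte double-SHA256 checksum and Base58-encode."""
    raw = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58check_decode(addr: str) -> bytes:
    """Return the payload; raise ValueError on bad characters or checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            raise ValueError("invalid Base58 character")
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, check = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != check:
        raise ValueError("checksum mismatch")
    return payload

def review_request(request_json: str, confirmed_addr: str) -> str:
    """Compare the destination inside the request with the confirmed address."""
    try:
        req = json.loads(request_json)
        dest = b58check_decode(req["to"])
        want = b58check_decode(confirmed_addr)
        amount = req["amount_btc"]
    except (KeyError, TypeError, ValueError) as exc:
        return f"REJECT: {exc}"
    if dest != want:
        return "REJECT: destination differs from confirmed address"
    return f"OK: {amount} BTC to {req['to']}"

# Constructed sample data: the 20-byte hashes are placeholders, not real wallets.
NED = b58check_encode(b"\x00" + b"\x11" * 20)
ATTACKER = b58check_encode(b"\x00" + b"\x22" * 20)
honest = json.dumps({"to": NED, "amount_btc": 5})
tampered = json.dumps({"to": ATTACKER, "amount_btc": 5})
```

The verdict is computed from the bytes that will be signed, so a host that shows Ned’s address on screen while placing another address in the request is caught at signing time.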
