Bitcoin is safe, except when it is not. It can become not safe when the devices that hold them are compromised. Just as bitcoins stored on an exchange are only as secure as that exchange, bitcoins stored on your computer or cell phone are only as secure as those devices.

iOS vulnerability

Recent news has highlighted just how insecure many of our devices are. While many rejoiced at the news that Apple would once again allow Bitcoin wallets on the app store, developments have brought into question the security of the devices.

Apple users are quick to point out that the vast majority of mobile based malware targets Android and not iOS, and that is true. However, a security firm has identified hidden processes and backdoors installed by Apple itself in order to give the company, and by association any law enforcement it co-operates with, near complete access to iPhones and iPads running iOS 7 or later.

The hidden “services” were uncovered by a member of the iOS jailbreaking community, Jonathan Zdziarski (aka NerveGas). The programs have names like “lockdownd” and can be accessed via USB, Wi-Fi and possibly even cellular signals.

- Jonathan Zdziarski

For its part, Apple has responded to the accusations, admitting to the programs' existance but saying that they are only used for services users opt into and that the company doesn't have access to encryption keys. Zdziarski responded saying that Apple doesn't need encryption keys because the programs in question can circumvent any encryption. He also maintains that there is nothing in the code that indicates the programs need user permission to run and take personal information.

Late last year, when the NSA spying program DROPOUT JEEP was first revealed by German media Der Spiegel, it was shown that the NSA was targeting iPhones and installing malware on them in order to gain near complete access to the devices. At the time, the documents implied that physical contact with the device was necessary. If the back doors installed by Apple are as bad as Zdziarski maintains, physical contact with a device no longer seems necessary.

The Bitcoin connection

It may seem like a separate issue, but this puts both online wallets and locally stored Bitcoins at potential risk and at the mercy of both Apple and law enforcement, two entities that haven't exactly been friendly to Bitcoin and Bitcoin users in the past (regardless of Apple's revised policy and recent positive comments by some in the government).

One of the selling points of Bitcoin is that the feds can't touch your money. A major constitutional issue that is often ignored is that the government will often freeze the assets of the accused as “proceeds of the crime” before the accused has a chance to defend his or herself. This leaves defendants unable to pay for the high priced lawyers often necessary to defend oneself against the legal might of the government.

Some have argued that this practice is unconstitutional because it assumes guilt without proof in court and leaves the accused without recourse for defense.

Bitcoins are supposed to be safe from such seizures, which is one reason why Ross Ulbricht, the man accused of being Dread Pirate Roberts, had his bail denied. While the government managed to seize bitcoins held in the Silkroad's escrow, Ulbricht's suspected hidden stash of bitcoins has not been touched. The government claims he is a flight risk because of this, but in another situation the coins could theoretically be used to pay for a lawyer even after the government seized fiat assets.

Least you think this is unnecessary fear-mongering, consider what asset forfeiture, which is what seizing the assets of a crime is often called, brings into the government every year. Police departments keep up to 80 % of the cash sized. Law enforcement doesn't even have to charge a citizen with a crime in order to seize money they suspect was obtained through illegal means. Citizens can file a motion to have the money returned to them, but that is an expensive process and can often cost more than the amount confiscated. Police departments have taken cash, frozen accounts and even seized houses, all without charging the owners with a crime.

There is no reason to feel Bitcoin is safe from the continually growing tentacles of the law, unless we take steps to ensure it is safe.

If the government, through Apple, has control and knowledge of everything on your iOS devices, it is that much easier for them to obtain, lock down and confiscate your bitcoins. Any coins stored in offline “cold storage” wallets would theoretically be safe, unless the government used keyloggers to steal private keys before they were deleted from a phone or computer. It seems likely that they have that capability with iPhones, and access to dozens of other devices like internet routers, who doubts Windows and Mac OSX are not similarly compromised?

With completely frozen assets, it can be nearly impossible to mount a serious defense. Public defenders are notorious for quickly recommending plea deals and generally being unable to properly represent their clients.

If Bitcoin is really meant to be secure from outside parties, these are the sort of developments we need to watch for as a community. The United States government's position on Bitcoin is still unclear and the substantial increased power held by shadowy organizations, like the NSA and CIA, perpetuated and approved by both political parties, should give us all pause when it comes to the issue of trust.

Of course, the government isn't the only entity out there that could potentially pilfer your bitcoins. A much more immediate threat to the security of your coins is the mass of thieves, scammers and greedheads that populate the internet. There is also the instability of banks and the growing possibilities of bail-ins. Those are real concerns, but that doesn't mean we shouldn't pay attention to potential threats from those that claim to protect us, or the companies that allegedly heed their call.

Did you enjoy this article? You may also be interested in reading these ones:

Do you want to read Cointelegraph from your mobile device? Then go to our Indiegogo campaign, contribute, collect your prize and enjoy the mobile app!