There is no such thing as a fully secure and online device.

You can sandbox, you can encrypt, you can obfuscate,

but you will never be invulnerable.



The only way you can guarantee that your sensitive information is never stolen though the internet is to never put that information on a device connected to it (now or in the future).

The latest example

Coin Telegraph, Bleeping Computer, and others have begun making their reports based on the advisory paper by MWR Labs titled "Screen Capture via UI Overlay in MediaProjection". This latest exploit effects around 77.5% of all Android devices, and allows attackers to record screen contents and audio playback without any notification to the user.

This exploit is only one in a series of potential attacks effecting Android devices. From this year alone, we've seen Cloak & Dagger and the revised toast overlay attack that have the capability of complete takeover of the device without user notice or intervention.

Android is far from being the only one with security issues. Both Android and iOS devices are vulnerable to attack as demonstrated by the "BroadPWN" Broadcom Wi-Fi chip exploit that allows an attacker to execute code without any user interaction.

The crypto effect

I've written several time before about how cryptocurrencies are redefining the hacking world. All the right ingredients are exist in this relatively new and rapidly growing space:

• Lots of ignorant and new users

• Lots of money

• Low risk / high reward for hackers

• No centralized protections

• Tons of new, non-audited code in use

Unfortunately, the only good way of avoiding being compromised these days is to have an understanding of security at a technical level. The old "3 things to stay secure" paradigm just doesn't work. You have to know why those 3 things are effective so that you can accurately judge if they still apply when new software comes along.

Check out my Advanced Crypto Security Guide (part 1, part 2, part 3) and my ongoing "Computer Hygiene" series (part 1, part 2, part 3, part 4) for some useful information about computer security as it applies to cryptocurrencies.