HomeCoinsZcash (ZEC)Privacy-leak bug discovered in Nighthawk and ECC wallets

Privacy-leak bug discovered in Nighthawk and ECC wallets

- Advertisement -


Nighthawk Wallet iOS and ECC Reference Wallet iOS users should upgrade to the latest versions in order to remediate a security vulnerability in the ECC iOS Wallet SDKs. No other wallets are affected by this bug, and remediation steps are outlined below.

Vulnerability details

In buggy versions of the wallets, when a user opted to include their wallet’s address in an outgoing memo field using the “Reply-To” feature, the wallet would mistakenly include the wallet’s secret viewing key rather than the wallet’s address. If you use the Nighthawk Wallet or the ECC Reference Wallet for iOS, you can determine if you were affected by examining each of your wallet’s outgoing transaction memo fields and looking for any “Reply-To” components that begin with “zxview”. A field beginning with “zxview” indicates that your wallet’s viewing key was included in the memo rather than the wallet’s address.

Remediation steps

All users should immediately upgrade to the latest version of the wallet software. If you were affected by the bug, i.e., one or more of your outgoing “Reply-To”’s begins with “zxview”, then the recipients of those memos will be able to see your wallet’s transaction history, including any memo field contents. Due to the permanent nature of information stored on the blockchain, it is not possible to revoke access to that information.

To prevent unintentional viewing key recipients from seeing any future transaction details, you must upgrade your wallet to the latest software version, create a new wallet, and migrate your funds to the new wallet. Please back up your seed phrase prior to attempting this to reduce the risk of accidentally losing funds in the process.

Affected versions

The bug existed in the ECC iOS Reference Wallet 0.3.7-105 codebase from May 6, 2021 to today. The commit containing the fix is available here and in versions of the ECC Reference Wallet 0.5.0-120 or later (for testnet) and 0.4.0-117 or later (for mainnet). The ECC iOS Reference Wallet has a very limited distribution, almost entirely limited to ECC employees.

Nighthawk was affected as of version 1.9, which was released on July 2, 2021. The bug has been fixed as of version of Nighthawk 1.21 which was released July 11, 2021.

We would like to thank the Nighthawk Wallet developers for discovering the bug and acting on it immediately.



Source link

- Advertisement -
Mr Bitcointehttps://www.bitcointe.com/
“Fact You Need To Know About Cryptocurrency - The first Bitcoin purchase was for pizza.” ― Mohsin Jameel
462FansLike
76FollowersFollow
4,567FollowersFollow
5,261FollowersFollow
1,502FollowersFollow
2,230SubscribersSubscribe

Most Popular

bitcoin
Bitcoin (BTC) $ 66,162.00
ethereum
Ethereum (ETH) $ 4,215.90
tether
Tether (USDT) $ 1.00
bitcoin-cash
Bitcoin Cash (BCH) $ 647.04
litecoin
Litecoin (LTC) $ 213.37
eos
EOS (EOS) $ 4.92
okb
OKB (OKB) $ 25.55
tezos
Tezos (XTZ) $ 7.10
leo-token
LEO Token (LEO) $ 3.06
cardano
Cardano (ADA) $ 2.25
monero
Monero (XMR) $ 264.91
stellar
Stellar (XLM) $ 0.396671
chainlink
Chainlink (LINK) $ 27.87
huobi-token
Huobi Token (HT) $ 9.49
tron
TRON (TRX) $ 0.104184
usd-coin
USD Coin (USDC) $ 1.00
dash
Dash (DASH) $ 204.44
neo
NEO (NEO) $ 46.24
iota
IOTA (MIOTA) $ 1.31
nem
NEM (XEM) $ 0.176966
zcash
Zcash (ZEC) $ 151.50
maker
Maker (MKR) $ 2,634.80
paxos-standard
Pax Dollar (USDP) $ 1.01
ethereum-classic
Ethereum Classic (ETC) $ 57.07
vechain
VeChain (VET) $ 0.125102
true-usd
TrueUSD (TUSD) $ 1.00
ftx-token
FTX Token (FTT) $ 62.41
kucoin-shares
KuCoin Token (KCS) $ 14.95
waves
Waves (WAVES) $ 29.36