You are right. Well, nearly. Some sensitive information is definitely saved on the client side. But it's not the full information, meaning that stealing it does not allow the hacker to spend it (unlike a private key).
[..]
Our solution makes the attacker's mission much harder: instead of needing 1 piece of secret information, they now need to get 2 pieces of secret information stored in different places. Of course, once they get 1 piece, then they need the other piece.
If an attacker gains full access to the mobile, he can spend the funds (just like with private keys stored on a mobile wallet).
Biometric data (e.g. fingerprint) is stored on the mobile. Together with the shared secret, that's all one needs to initiate a transaction using your server.
So... in the end it again comes down to only the security of the mobile.
So you are assuming here that the attacker will bypass the user device biometric and find a way around the device biometrics, and that the owner during that time will not notice his device is not available. Is that reasonable?
What you described is also valid with a hardware wallet stolen from you. The attacker will also need the pin and, just like on a mobile device, will be locked out after a few trials.
Finally, we are introducing soon additional protection to cover exactly that case. I want to draw your attention to the fact that, unlike a hardware wallet, there is no backup that can be stolen by an attacker and result in the loss of funds. It's better to look at the security setup from all angles.
It's encrypted by the client and stored encrypted on the server. The server cannot access it.
But it IS stored online. And that's a huge problem already.
Why is that a problem exactly? The file is unusable and unreadable. What exactly could we or anyone do with it?
This is the same as claiming multisig is irrelevant because when you steal one key, then it's not multisig and you need just one extra key.
With multisig (and someone I know holding the second key out of a 2-of-2 multisig), an attacker cannot simply steal my mobile with one of the keys and initiate a transaction by claiming he is the real person.
Your server (i.e. with fingerprint) does exactly this... I steal a mobile, initiate a transaction using the shared secret and the fingerprint data on the mobile... and your server happily signs it.
Yes indeed. Multisig can help you the way you describe. That said, anyone with access to one of the multisig keys can impersonate who you think he/she is, and you will validate the attacker's transaction. On ZenGo only the owner can access his funds.
You are assuming here you will be able to "steal the secret" from the phone. How will you be able to do that exactly?
By the way, if you are so confident in your ability to hack ZenGo, we provide you all account access and even the picture to an account that holds 1 BTC.
https://zengo.com/the-zengo-challenge-win-1-btc-and-prove-us-wrong/
To be compared with a hardware wallet, where the backup/mnemonic would be provided. Are you ready to share yours?