The HTC Exodus Blockchain Phone Comes Into Focus

HTC starts filling in the details of its so-called blockchain smartphone, expected to launch later this year.
How the HTC Exodus Blockchain Phone Plans to Secure Your Cryptocurrency
Casey Chin

Blockchain phones are coming, that much is certain. The Sirin Labs Finney and the HTC Exodus are both expected by the end of the year, each with its own, sometimes vaguely defined sense of what exactly that term means. HTC’s Phil Chen, who spearheaded Exodus development, has at least started to fill in the blanks of how the Exodus will pull off its most important trick: keeping your cryptocurrency safe.

The Exodus has loftier ambitions than mere storage, of course. “A few years down the road, we see a world where people own their own identities and data, where everyone understands the concept and economics of digital property,” says Chen, HTC's decentralized chief officer. For the moment, though, the primary concern for the Exodus’s intended audience is how well it works as a hardware wallet.

That had, until now, been a bit of a question mark. After all, a smartphone seems like an inopportune place to stash digital currency. Android phones, in particular, present inherent security risks, subject to a wide assortment of malware and other targeted threats. Smartphones also, as you may be personally and painfully aware, tend to get lost or stolen, at least more than is ideal for what aspires to be a digital bank vault.

In fact, even the mere act of connecting to the internet goes too far for protective cryptocurrency investors, who prefer to keep their assets in so-called cold storage wallets, which remain entirely offline. If anything, cryptocurrency storage has trended toward that extreme, with some deep-pocketed enthusiasts opting for physical vaults with Faraday cage surrounds.

By contrast, putting your cryptocurrency—more specifically, the private keys required to access it—in an Android phone might seem the equivalent to stashing your money not under the mattress but neatly on top of it, and then placing that mattress on a fairly busy street corner.

“Phones are very promiscuous in the sense that they transfer a lot of data, they connect to a lot of networks, we install third-party apps on them. They can be made relatively secure, but they’re not the safest thing to carry around a lot of money,” says Matthew Green, a cryptographer at Johns Hopkins University who is affiliated with a privacy-focused cryptocurrency called Zcash. “And if you’re not carrying a lot of money, you don’t need a special phone.”

And yet tens of millions of people already use software wallets, Chen says, tied to centralized exchanges like Coinbase. “What’s obvious in the old internet model, is centralized cloud systems are very hackable,” says Chen. “Centralized honeypots are continually hacked. The concentration of data in walled gardens increases the cost of security.”

The HTC Exodus aims instead for something of a compromise. It isn’t quite cold storage, but at least it empowers users by allowing them to hold their own keys. It does so by placing them in a so-called trusted execution environment, a part of an ARM chip called TrustZone. The secure enclave sits apart from the operating system, designed to inoculate precious cargo even in the event of a broader breach. Think of it as a smartphone’s panic room.

The concept of a secure enclave isn’t new; Intel has offered one for PCs for some time, and Apple uses one to protect the biometric data—your fingerprint and face—that it uses to unlock the iPhone. Even TrustZone has been around for years, commonly used by studios and such to lock down DRM-protected content.

It’s as good an answer as any right now, and preferable to HTC attempting to built its own solution from the ground up. But TrustZone isn’t a security panacea. “If somebody claims something is secure, a lot of people try to poke into it,” says Simha Sethumadhavan, a computer scientist at Columbia University. “Over the years there have been several attacks on TrustZone.”

That includes one from Sethumadhavan, who along with coauthors Adrian Tang and Salvatore Stolfo published research last year detailing how to not just break TrustZone security but alter the code that’s running in the secure environment.

To be absolutely clear: These attacks are difficult to pull off, and TrustZone generally works as advertised. “It does significantly raise the bar for the attacker,” says Sethumadhavan. “It’s better than putting it in the insecure world, for sure,” he adds, referring to the broader Android operating system.

Even Chen, refreshingly, recognizes the trade-offs involved. “There’s no such thing as 100 percent security. It’s always a balance between security and usability,” he says. “We’re still at the very early stages of educating users that this is not a 100 percent secure solution, but as of right now it’s the best so far. It’s our attempt to do something that’s best from the market.”

Until and unless the industry open sources everything, Chen says, HTC has to take as an article of faith that ARM and chipmaker Qualcomm will deliver the security they promise. He acknowledges that hardening the HTC Exodus will also require input from cryptographers and the broader cryptocurrency community. “It’s really a beta,” he says. “We’re still targeting the 30-35 million people that have software wallets, and this is a much better solution than that.”

And while Chen wouldn’t argue that the Exodus is more secure than cold storage, he does stress that it offers much better usability. There’s no dusting off a hard drive and connecting it with USB to your laptop and struggling through a clumsy interface.

The HTC Exodus will also offer a novel way to recover your keys, which are often a series of words that need to be entered in the event that you lose access to your wallet. If you lose both your wallet and your recovery keys, you’ve officially lost everything.

That dynamic comes into especially sharp relief with smartphones, which, when you aren't losing or breaking them periodically, you're actively replacing every two or three years.

HTC’s proposed failsafe: You can split your key among three to five people you trust, all of whom will need to download an app for this to work. You won’t need their help to assign transactions, but you will if you lose your phone. “It revolves around this fundamental principle of users owning their keys. I do want to stress that this is a very, very difficult problem. People aren’t used to owning their keys. People are used to calling up Apple or Google,” says Chen.

Putting that power in the hands of users and their friends is certainly in line with the HTC Exodus philosophy. But it also raises several immediate flags: What if you have a falling out with one of those friends, or they get a new phone, or delete the app, or die? Does the backup have a backup?

Not yet. “This is the 1.0 version,” Chen says. “There are other backup plans that we’ve thought of, but they’re not part of the solution yet.”

That sounds dire, but it’s at least something. If you find yourself in a comparable situation with a cold storage wallet—or the Sirin Labs Finney blockchain phone—you generally have no options at all.

Plenty of questions remain about the HTC Exodus, especially regarding the company's long-term vision of revolutionizing how people relate not just to their cryptocurrencies, but their data and identity. HTC may still be figuring out how the blockchain smartphone will change the world. But at least it has some answers as to how to make it safe.


More Great WIRED Stories