Holy shit. This just changed the game. Venmo best be scared bc bitcoin is perfect for early p2p adoption. Much lower barrier than between consumers and businesses.
Yeah. Bitcoin's a great way to bump cash between people. That said, there's so much $ being poured into different mobile payment methods that I'd be hesitant to call it the clear front runner.
Also, you still haven't called me about the hackathon, David.
I don't know what the impact of this will be in first-world countries, but it strikes me that this will really open bitcoin up in developing countries that have poor data availability. Just look at what M-PESA has been able to do via SMS.
Wow, this is simultaneously really cool from a usability perspective, but terrifying from a security perspective. A non changing PIN sent over cleartext (encrypted by "speech"). I guess there is plenty of room for security on the backend.
It is more than fine for casual uses, but a serious user who publishes his phone number (payment address) would be subject to a really cheap attack by anyone who can look at his phone, or a somewhat cheap attack with the ability to reroute the phone, or a slightly cheap attack with local BTS spoofing.
I assume they're checking the incoming phone number as well. So the thief needs to get your SIM card or hack the phone system. Can anyone chime in as to how difficult the latter (and how prevalent the former) is?
Spoofing the SMS on the request is easy (only policy at operators prevents it).
You do need to intercept the incoming call, but you can trivially do that ith call forwarding, or more impressively do it with network or local handset exploits.
We've tried to make it as secure as possible. The idea is that the pin is only sent over the call. So the hacker would need to listen in to your call in order to steal your pin. So they basically need to hack your SMS and your voice calls. How else can we make this more secure?
As for publishing your phone number so that you can receive bitcoins, you can publish your secondary phone numbers. We only allow you to use SMS to access your account from your primary phone number, but you can receive funds on any other phone number attached to your account. So even if a hacker knows your pin and is able to fake a call to us from your published phone number, they won't have access to your bitcoins.
Yeah, it is probably about as secure as is reasonably needed. You should also have daily and maybe total limits, do statistical anti fraud (useful in general, but more so on low trust channels)
You might be more willing to allow large repeat transactions vs large transactions to a new payee.
I haven't tried it yet, but you definitely want the voice call to include both as much transaction info as possible and a "press 0 to talk to security" etc.
Unclear which telephony provider you use, but if you are more partnered with carriers, you can see more data, which may help reduce fraud. If you turn out to have a bunch of users in Nigeria, I'd set up peering directly with the Nigerian mobile carriers. This is probably years down the line.
I'd personally be willing to risk 10-20 BTC to this level of security, but not 500. Of course, my Bitcoin holdings are 2-3 BTC right now.
The big risk is the link between Coinbase and your outsourced telephony provider. Worst case, if someone is defrauded out of 5 BTC, he can eat it, or you can eat it -- it's not material to you. However, if I can somehow compromise the entire thing and take 10% out of every enabled-for-sms account, that might be material to Coinbase. I'd make sure the entire path is secure, and do as much verification in-house as possible, and probably put aggregate limits on the whole thing.
To be clear, I like the idea here, and think it is a great thing to deploy, it just makes me scared because it is a huge step down from the rest of coinbase's security. Since it is opt-in maybe it doesn't matter as much.
Brilliant advice, but I would (optimistically) assume that Coinbase is doing some or most of these things? Fraud is a pretty well-solved problem for most payment processors.
It's a "user-friendly" feature that sacrifices some of Coinbase's own bottom line (and security) for the sake of those that want convenience over security. I wouldn't be scared unless this is enabled on your account. (In fact, from the usability end, it should require some serious hurdles to be enabled in the first place for that reason, to protect against unauthorized enabling.)
The sacrifice for Coinbase seems to be that the people that would enable this feature are accustomed to calling up Visa/MC, reporting a fraudulent transaction, and getting their money back + an affidavit in the mail, so Coinbase will have to be able to cover a fraudulent bottom line either out of their own finances or a good insurance policy.
Just wanted to say, nice work and thanks for keeping focus on security (there can never be enough...) Maybe allow the option of 2 factor auth (google auth, Authy etc.) which would be entered in on any balance-affecting transaction? (The only issue with 2 factor auth is that now limits you to smartphones pretty much, and the promise of a text message interface seems ideal for dumbphones...)
There are people who use it in the first world, but yes the killer app is in the developing world. Smart phone penetration in India for example is about 3%. Even in the U.S. it is about 45% I think from when I last checked.
Everyone defines for himself what's the point of Bitcoin is.
For some it's anonymity. For others it's cheap way to pay for stuff. Or only possible way (if CC are not working in your country). Or an wealth storage vehicle and protection against inflation. Or vote against USD and wars. Or a tax evasion tool.
27 comments
[ 3.2 ms ] story [ 68.5 ms ] threadAlso, you still haven't called me about the hackathon, David.
Also, thread-bottom party at HN. Whoop.
It is more than fine for casual uses, but a serious user who publishes his phone number (payment address) would be subject to a really cheap attack by anyone who can look at his phone, or a somewhat cheap attack with the ability to reroute the phone, or a slightly cheap attack with local BTS spoofing.
You do need to intercept the incoming call, but you can trivially do that ith call forwarding, or more impressively do it with network or local handset exploits.
As for publishing your phone number so that you can receive bitcoins, you can publish your secondary phone numbers. We only allow you to use SMS to access your account from your primary phone number, but you can receive funds on any other phone number attached to your account. So even if a hacker knows your pin and is able to fake a call to us from your published phone number, they won't have access to your bitcoins.
You might be more willing to allow large repeat transactions vs large transactions to a new payee.
I haven't tried it yet, but you definitely want the voice call to include both as much transaction info as possible and a "press 0 to talk to security" etc.
Unclear which telephony provider you use, but if you are more partnered with carriers, you can see more data, which may help reduce fraud. If you turn out to have a bunch of users in Nigeria, I'd set up peering directly with the Nigerian mobile carriers. This is probably years down the line.
I'd personally be willing to risk 10-20 BTC to this level of security, but not 500. Of course, my Bitcoin holdings are 2-3 BTC right now.
The big risk is the link between Coinbase and your outsourced telephony provider. Worst case, if someone is defrauded out of 5 BTC, he can eat it, or you can eat it -- it's not material to you. However, if I can somehow compromise the entire thing and take 10% out of every enabled-for-sms account, that might be material to Coinbase. I'd make sure the entire path is secure, and do as much verification in-house as possible, and probably put aggregate limits on the whole thing.
To be clear, I like the idea here, and think it is a great thing to deploy, it just makes me scared because it is a huge step down from the rest of coinbase's security. Since it is opt-in maybe it doesn't matter as much.
It's a "user-friendly" feature that sacrifices some of Coinbase's own bottom line (and security) for the sake of those that want convenience over security. I wouldn't be scared unless this is enabled on your account. (In fact, from the usability end, it should require some serious hurdles to be enabled in the first place for that reason, to protect against unauthorized enabling.)
The sacrifice for Coinbase seems to be that the people that would enable this feature are accustomed to calling up Visa/MC, reporting a fraudulent transaction, and getting their money back + an affidavit in the mail, so Coinbase will have to be able to cover a fraudulent bottom line either out of their own finances or a good insurance policy.
Two grand for the inconvenience of SMS-based currency?
For example, Wells Fargo keeps telling me I can bank over SMS. But why would I do that versus using their mobile site?
Or is this just for "downmarket" folks?
Oh wait, this isn't 2008? hmm, I must have punched in the date wrong on my time machine.
http://www.youtube.com/watch?v=Iyhkiz8BSCM
http://techcrunch.com/2013/04/28/pay-with-bits-wants-to-be-t...
http://paywithbits.com/
SMS as a protocol for financial transactions is a broken design.
Although it's a pretty cool idea, I was under the impression that the entire basis of a crypto currency was to keep anonymity...
For some it's anonymity. For others it's cheap way to pay for stuff. Or only possible way (if CC are not working in your country). Or an wealth storage vehicle and protection against inflation. Or vote against USD and wars. Or a tax evasion tool.