DeFi SEP - OCT 2021 | JAN - APR 2023

Xumm wallet security assurance and improvements

XRPL Labs asked Cossack Labs' team to conduct a security audit of the Xumm mobile wallet in August 2021. The objective of the security assessment was to strengthen the cryptographic security aspects of Xumm and the surrounding ecosystem, focusing on the protection of the private keys within the self-custodial wallet itself and the integrity of transactions it authorises.

Xumm, also known as Xaman, is a self-custodial mobile cryptocurrency wallet for the XRPL blockchain. It allows users to manage their issued tokens, send/request payments and to interact with XRP Ledger (XRPL) via xApps. Xumm offers hardware wallets, known as Xumm cards, which perform cryptographic operations on the card's isolated chipset. Since 2022, Xumm has the "pro" subscription which offers additional features such as push notifications, user profiles, and on/off-ramp capabilities (exchanging XRP tokens to Euros) for users in the Netherlands and the UK.

Audit Challenges Technology Our approach Solution Products Results

Xumm wallet audit results

The executive summary of the security assessment of the Xumm application can be found here.

See Xumm public report

Industry

FSA / Fintech
DeFi
Cryptocurrency

Technology stack

React Native (iOS, Android)

Regulations

Typical fintech security requirements
Encryption Export Regulations

Challenges

Encrypting user data and private keys
Ensure that the protection of sensitive information such as secret numbers, mnemonics, and private keys is addressing all possible risks. Merely storing data in the Keychain or Keystore is insufficient. To enhance security, keys should be encrypted using hardware-backed encryption (Secure Enclave/Hardware-backed Keystore) and tied to biometric authentication.

Protecting against large-scale exploits
To mitigate the risk of widespread exploits and financial fraud, a number of factors need to be taken into account, such as implementing proper session management, securely handling transactions, and incorporating measures to prevent network attacks (replay, MitM, TLS strip, etc).

Educating the user to make better choices
In a self-custodial wallet, the weakest link is often the user. By understanding how to protect their secrets, enabling biometric authentication, and identifying phishing attempts, users can make informed decisions that reduce the likelihood of losing their funds.

Technology requirements

Prevent transaction fraud

The main goal of the Xumm application is to safely interact with the XRP Ledger. It is crucial to use transport encryption to secure communication with the blockchain network and mitigate replay attacks, ensuring that only authenticated users have access and reducing the possibility of transaction fraud.

React Native application security

Security of the Xumm application encompasses three platforms: React Native core, iOS, Android, and their respective backend components. Each platform has specific requirements, features, and vulnerabilities that need to be addressed.

Security that supports UX

The security measures implemented in Xumm should also consider user experience (UX). As Xumm is designed for end users, the security controls should balance usability and security. It is essential to create a secure environment without making the application overly complicated for the users.

Our approach

Bespoke and innovative security solutions

Our primary focus is on providing customised solutions that cater to the risks and requirements of specific wallet applications. This is achieved by leveraging our expertise in cryptography and security engineering, along with an understanding of the challenges faced within the cryptocurrency ecosystem.

Knowledge of cryptography, hardware and mobile wallets combined

By combining our skills in cryptography with a deep understanding of hardware wallets and mobile operating systems, we identify any potential cryptographic weaknesses that could be exploited. We then offer recommendations for improving the cryptographic code to ensure optimal security while maintaining a seamless user experience.

Proactive security controls

We recognize that applications are constantly evolving things. As part of our approach, we proactively suggest security enhancements that anticipate and prevent potential vulnerabilities as the application continues to evolve.

Solution

1. Determining the security assessment scope

We performed risk and threat modelling and formulated the most high-risk threats: critical exploits, secure storage of private keys, and potential transaction fraud.
Given the self-custodial nature of Xumm, the OWASP MASVS v1.5 served as the security baseline. We excluded certain requirements (such as the V8 Resilience Requirements), which were out of scope. At the same time, we added relevant requirements from the OWASP ASVS v4.0.2 (such as security HTTP headers during network communication). As a result, the assessment had a baseline of 65 security requirements.
Splitting the assessment into sections: design issues, cryptographic layer, application security, platform security, code quality, infrastructure, supply chain issues.

2. Triaging discovered issues

We found no critical issues, some high-priority bugs and risky design decisions, and recommended several improvements.
Security issues were categorised as broken, missing, or in need of enhancements. We evaluated their impact as high, medium, or low. This classification enabled the development team to prioritise security issues effectively and understand the consequences of accepting risks.

3. Highlighting application security and platform trust issues

Mobile applications should incorporate numerous small security controls:
- blurring the application screen to hide sensitive data when app is in the background;
- restricting access for 3rd party keyboards;
- configuring web views and deep links properly;
- cleaning up sensitive data in case of suspicious user activity.
Xumm uses two types of local storage: secret storage in a Keychain/Keystore and an encrypted database for the user data (profile, accounts, settings, etc.). We assessed the storage structure and encryption logic and recommended binding encryption to the specific application installation to prevent data stealing.

4. Migrating to modern state of the art cryptography

We raised concerns regarding cryptographic procedures, highlighting issues with implementation and questionable design choices. Although these concerns may not have resulted in immediate vulnerabilities, their accumulation is a ticking time bomb.
Following the assessment feedback, the XRPL Labs team, together with Cossack Labs team, re-designed and re-implemented the entire cryptographic layer, responsible for application-level encryption and sensitive data storage, introducing the "v2" encryption scheme.
This substantial update to the encryption layer effectively fixed 82% of the weaknesses identified in the original cryptography section.

5. Nurturing xApps community

xApps are web applications, built to facilitate interaction with the decentralized XRP Ledger. xApps enhance functionality of the wallet, and allow users to interact with specific ledger features in a more user friendly way. Many xApps improve the user experience, but can potentially open security risks.
To ensure a trustworthy xApps community we recommended implementing additional measures: periodically inspecting xApps, educating users about potential threats, explaining which xApp behaviours could be suspicious, allowing users to flag xApps they don't trust, and so on.

6. Improving security posture and processes

With the primary objectives of enhancing Xumm app security in mind, our recommendations were centred around establishing robust defences for future application development.
Implementing such protections could significantly “raise the bar” for attackers and reduce the likelihood of incidents beyond the direct control of application developers.
For instance, secure development operations can be improved by configuring linters and source code analysers, implementing the dependency management process, and thoroughly enumerating and comparing application permissions.
The development team created a security roadmap to further improve the security of the Xumm app.

Xumm satisfied 43% of security requirements after the assessment, and 89% after verification of fixes.

Products and services involved

Cryptography engineering

Our engineers audited the entire cryptographic layer: storage encryption, key derivation, and transaction signing. We discovered weaknesses, proposed fixes, and collaborated together to create a more advanced, robust and secure cryptographic system.

Security engineering

Our team verified the architecture, code, application behaviour, and communication with the network to ensure the wallet maintained a high-security posture. We recommended fixing broken security controls and adding the missing ones.

Mobile apps security

Mobile wallets serve as a gateway to the blockchain network and are frequently targeted by various threats such as phishing, API abuse, application cloning and unauthorised redistribution. Mobile app security measures prevent these threats.

Digital wallets security solutions

While digital wallets operate outside the realm of conventional financial regulations, they are still subjected to elevated security requirements and should strive to achieve compliance due to the ever-evolving landscape in which they function.

Results and outcomes

We would like to emphasise the security-focused engineering efforts undertaken by the XRPL Labs team. Although the Xumm application already had pragmatic security controls, its overall security posture experienced significant enhancement after implementation of post-assessment recommendations.

The Xumm team has resolved all "high" flaws and bugs. Moreover, they implemented "medium" and "low" improvements to establish a defense-in-depth approach, laying a strong foundation for future application development and mitigation of potential threats.

As a result of these fixes, we observe significant improvements in handling application security corner cases, managing third-party dependencies and applying platform-specific security controls and settings.

The security posture of the Xumm application has significantly improved. Following the audit, it fulfilled 43% of the security requirements based on the OWASP MASVS v1.5. After fixing the discovered issues, the security score increased to 89%.

This security assessment served as the foundation for long-term product security engagement, which is beyond the scope of this case study.

Why Cossack Labs?

Cossack Labs is a provider of data security tools, bespoke solutions and security assurance services, with a focus on sensitive data protection in modern systems. Our team helps with the most difficult security challenges by designing and building security solutions, researching new capabilities to solve unique problems, and assessing the security of the products to protect your IP, users’ sensitive data, and comply with regulations.

Crypto wallet security assessment for Temple Wallet

Armoring the non-custodial wallet for the Tezos blockchain: improving cryptography, adding platform-specific security controls, preventing mnemonics leakage, decreasing abuse risks.

Read story

All customer stories

All products

Themis, a cross-platform crypto library

Acra, a database security suite

Hermes, end-to-end secure data storage

Documentation server

By org challenge

By use case

By tech challenge

By industry

Blog

Documentation

Conferences & events

Whitepapers & research

Practical OAuth security guide for mobile applications

About

Customer stories

Partners

Jobs & internship

Join us! We have cookies.