Coinomi Cleartext Transmission Vulnerability
Vulnerability
A vulnerability exists in Coinomi wallet versions through 1.7.6, where the application transmits sensitive information unencrypted over the network. This issue arises from the wallet's communication with Electrum-compatible servers via unencrypted TCP, exposing users' Bitcoin addresses and transaction details to potential interception by attackers. The vulnerability allows for passive tracking of wallet activity and could be exploited to replay signed transactions, leading to a loss of funds.
Impact
Exploitation of this vulnerability could result in unauthorized access to sensitive information, including the user's Bitcoin addresses and transaction history. Additionally, the lack of encryption could allow for interception and manipulation of transactions, creating a risk of financial loss.
Reproduction
The vulnerability can be reproduced by using the Coinomi wallet on Android, version 1.7.6. Upon launching the app, it connects to Electrum servers without SSL encryption, transmitting the user's Bitcoin addresses in cleartext. This can be verified by monitoring the network traffic with a tool like Wireshark, which will capture the unencrypted Electrum messages including wallet addresses and transaction details.
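As an added defender-side check (not code from this advisory or from Coinomi), the script below treats captured TCP payloads as newline-delimited Electrum JSON-RPC and flags every request that carries a wallet address, script hash or signed transaction in the clear, which is what a Wireshark session against the vulnerable version surfaces. The method names are standard Electrum protocol methods; the sample segments are constructed, and the ports assume the conventional Electrum defaults (50001 plain TCP, 50002 SSL).

```python
import json

# Electrum JSON-RPC methods whose first parameter reveals a wallet address,
# script hash, or a fully signed transaction that could be replayed.
SENSITIVE_METHODS = {
    "blockchain.address.subscribe": "address",
    "blockchain.address.get_history": "address",
    "blockchain.scripthash.subscribe": "scripthash",
    "blockchain.transaction.broadcast": "signed transaction",
}

def parse_electrum_lines(payload: bytes):
    """Yield JSON-RPC objects from a newline-delimited payload; TLS bytes never parse."""
    for line in payload.split(b"\n"):
        try:
            msg = json.loads(line)
        except ValueError:
            continue  # empty lines, TLS records and other binary data
        if isinstance(msg, dict):
            yield msg

def audit_cleartext_electrum(segments):
    """segments: iterable of (dst_port, payload_bytes) taken from a capture.
    Returns one finding per sensitive request observed in the clear."""
    findings = []
    for dst_port, payload in segments:
        for msg in parse_electrum_lines(payload):
            method = msg.get("method")
            if method not in SENSITIVE_METHODS:
                continue
            params = msg.get("params") or []
            findings.append({"port": dst_port, "method": method,
                             "exposes": SENSITIVE_METHODS[method],
                             "value": params[0] if params else None})
    return findings

# Constructed sample segments: two cleartext requests on the conventional
# plain-TCP Electrum port 50001 and one TLS ClientHello fragment on 50002.
SAMPLE_SEGMENTS = [
    (50001, b'{"id": 1, "method": "server.version", "params": ["coinomi", "1.0"]}\n'
            b'{"id": 2, "method": "blockchain.address.subscribe", "params": ["1BoatSLRHtKNngkdXEeobR76b53LETtpyT"]}\n'),
    (50001, b'{"id": 3, "method": "blockchain.transaction.broadcast", "params": ["0100000001deadbeef"]}\n'),
    (50002, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
]

if __name__ == "__main__":
    for f in audit_cleartext_electrum(SAMPLE_SEGMENTS):
        print(f"port {f['port']}: {f['method']} exposes {f['exposes']}: {f['value']}")
```

Only the plaintext stream on 50001 produces findings; the TLS bytes on 50002 are skipped because they never parse as JSON.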
Remediation
Users are advised to block network traffic from the Coinomi application until the vulnerability is addressed. Coinomi should implement SSL encryption for Electrum communications, using port 50002 instead of the unencrypted TCP port.
