AirGap Third-Party Security Audit

AirGap Vault, AirGap Wallet, and airgap-coin-lib underwent a comprehensive third-party security audit conducted by Compass Security. In this blog, we will discuss the findings of the security audit.

AirGap
Feb 17, 2024

We often receive inquiries on the support side from individuals seeking reassurance about the safety and security of AirGap. We want to emphasize that AirGap has been open source since its inception, allowing anyone to independently verify its construction and security measures. This transparency empowers users to assure themselves of the integrity of AirGap.

Furthermore, to enhance the credibility of AirGap’s security, it has undergone a comprehensive review and audit process. This thorough examination ensures that the platform meets the highest standards of security protocols and practices. We remain committed to maintaining the trust and confidence of our users by providing an open and secure environment for their digital assets.


Your security is our priority, and we appreciate your prompt action in updating to the latest versions. Today, we will talk about one of the most important components of creating a cold wallet: the security audit.

AirGap Vault, AirGap Wallet, and airgap-coin-lib underwent a comprehensive third-party security audit conducted by Compass Security, a leading Swiss IT security consulting company with a strong presence in Switzerland, Germany, and Canada. Boasting a team of over 55 security experts, Compass Security has a proven track record of enhancing the security posture of numerous companies.

You can find the full report here.

🔍The Findings

The security audit identified no attacks enabling external access to secrets stored within AirGap Vault, provided that the operating system’s security measures are in place. While extraction of the mnemonic or private key from AirGap Vault was deemed impossible, issues related to communication between AirGap Wallet and AirGap Vault were uncovered.

AirGap promptly addressed these findings, rectified potential vulnerabilities, and allowed sufficient time for users to upgrade to the latest version.

The issues unearthed are relevant only in scenarios where the QR code or deeplink originates from an untrusted source, such as a third-party website or app. Users exclusively using AirGap Wallet and AirGap Vault together remain unaffected by these issues.

AirGap’s Commitment to Accessible Security

Since the audit, AirGap has implemented additional security measures such as the introduction of isolated modules, further fortifying its defenses. Initially, the AirGap code was one large, solid block. Now, with isolated modules, the code has been untangled and separated into distinct, modular components. The concept is simple yet game-changing: each module operates in isolation, creating an impervious barrier against vulnerabilities. To learn more about Isolated Modules, you can refer to our docs.

The primary objective of AirGap is to offer users a secure and user-friendly platform for managing crypto assets. The AirGap team has consistently prioritized robust security without compromising on usability. To achieve this, the team has conducted numerous in-house security reviews on both new and existing features. Additionally, users have been encouraged to review the source code, actively contributing to the ongoing enhancement of AirGap’s security.

A note from AirGap

If you have questions regarding the security of AirGap, please don’t hesitate to reach out to us here. We are happy to explain uncertainties in more detail.

Overall, we are happy with the results of the security audit. No attack was found that could compromise the secret (mnemonic) of a user using AirGap Vault. However, a couple of important issues were uncovered that could be addressed before they could be abused.

Download AirGap

AirGap Wallet
📱 iOS — App Store
📱 Android — Google Play (GitHub APK)
💻 macOS
💻 Windows
💻 Linux

AirGap Vault
📱 iOS — App Store
📱 Android — Google Play (GitHub APK)

Interested in AirGap? Stay in touch.

Discord | Telegram | GitHub | Website | Twitter | Reddit
