On Friday November 28, Coinapult re-launched their Bitcoin by SMS service and announced it via a reddit post titled “Send BTC by SMS – a new, global service from Coinapult that operates through plain old txt msg, no need for a data plan. Bitcoin can boldly go where it hasn’t gone before.” The post received 245 comments and 901 upvotes, and the Coinapult SMS walkthrough infographic received 54,093 views.
“If I’m working in Canada, and I want to remit money back to my parents in Brazil, I can send straight to their SMS number,” says Coinapult COO and CFO Justin Blincoe.
The top voted comment was a question about the security of the Coinapult SMS service. It turns out that it is possible for a dishonest telecom employee to intercept or distort messages in a man-in-the-middle, or MITM attack. According to Blincoe, Coinapult’s main line of defense for a man-in-the-middle attack is the verification code. The verification code is sent after a user sends a transaction request via SMS to Coinapult. The transaction request to Coinapult may be relatively easy to spoof, but after the request Coinapult returns a message with a verification code that must be entered correctly before a transaction is executed. The code is not easy to spoof, and may only be worth the efforts for high value transactions.
“It’s not perfect, but it basically means that an attacker would have to be quite a bit more sophisticated to pull off the attack. So would that be worth it for $500, $1000, $10,000 for an attacker? Potentially yes, but would it be worth it for $10? Everything is a question of ease, and it would probably be easier to come at me with a wrench to get the $10 in my pocket than buy equipment and sit near me, and hope that I send an SMS to Coinapult. It is the security adequate for large amounts? I wouldn’t say so, but given the fact that the desire for this service is [from] people that don’t necessarily have access to the Internet — this is the maximum security that you can really provide save telecom providers getting on board, and providing actual equipment so the phone would allow digital signing or some other feature,” says Blincoe.
Coinapult SMS was re-launched globally, but the United States was cut out because of lack of legal clarity. The United States has not legally defined crypto-currencies yet, and the uncertainty proves to be a risk that some companies like Coinapult are not taking. According to Justin, Coinapult may in the future release select legally compliant services in the US, and once the legal clarity exists Coinapult expects to launch in the US.
“Mostly [our decision] is based on a lack of clarity. Obviously as soon as we get that clarity, many of the employers of Coinapult are from the US and we understand it is one of the largest bitcoin markets today. But, it’s also one of the most unclear regulatory [landscapes]. We do have some product implementations that may allow us to offer some of our services in a clear way that we know are legally compliant. But as our service operates today, we don’t quiet have that clarity, but we hope to soon,” says Blincoe.
We recently conducted a 20 minute interview with Coinapult COO and CFO Justin Blincoe. Find a transcript of the interview here, and view the entire interview below.
Photo Source: Coinapult Online
