According to ChainCatcher, the ScaleBit security team under BitsLab stated that in October 2024 it discovered a vulnerability in the Uniswap iOS wallet, named 'Unauthorized Access to Mnemonic Phrases'. The vulnerability allows an attacker with physical access to the device to bypass the wallet's authentication mechanism and directly access the mnemonic phrases stored on the device.
The root cause of this vulnerability is a flawed design of the storage and access mechanism for mnemonic phrases. The mnemonic phrases are not protected by effective application-layer encryption, and the conditions that trigger the recovery page are unreasonable, so an attacker with physical access to the device can easily bypass the wallet's authentication mechanism and directly obtain the mnemonic phrases stored in the wallet.
Currently, this vulnerability still exists in the latest version of Uniswap Wallet (Version 1.42), posing potential risks for all users of the wallet. Users therefore need to pay extra attention to the physical security of their devices, and should avoid leaking their unlock passwords or lending their devices to others.