According to PANews, the ScaleBit security team under BitsLab has identified a vulnerability in the Uniswap iOS wallet, termed 'Mnemonic Unauthorized Access.' This flaw, discovered in October 2024, allows attackers with physical access to a device to bypass the wallet's authentication mechanism and directly access the mnemonic stored on the device.
The root cause of this vulnerability lies in the flawed design of the mnemonic storage and access mechanism. The mnemonic is not effectively encrypted at the application layer, and the conditions for triggering the recovery page are unreasonable. This makes it easy for attackers with physical access to the device to bypass the wallet's authentication mechanism and obtain the mnemonic.
Currently, this vulnerability persists in the latest version of the Uniswap Wallet (Version 1.42), posing a potential risk to all users of the wallet. Users are advised to be particularly cautious about the physical security of their devices, avoid disclosing unlock passwords, and refrain from lending their devices to others.