New analysis shows 94% of apps dealing with cryptocurrency present a minimum of three medium-risk blind spots.
Digital funds are being unsuspectingly stolen from victims in a wide variety of new methods as cryptocurrency value continues to soar all round.
One favorite subterfuge among hackers is creating counterfeit apps that access devices in order to illicitly extract their credentials, but a new study published by High-Tech Bridge, a leading information security company, this type of app is not the only one that people are in a position to be concerned about. Authentic apps with lower security are also quite popular with hackers, allowing them to retrieve login details or cryptocurrency itself from users.
The firm used its copyrighted Mobile X-Ray, an analysis software that allowed them to look behind the curtain of the most popular 30 cryptocurrency apps offered by the Google Play store on three different popularity ranks, based on the number of downloads: approximately 100,000, approximately 500,000, and over 500,000 downloads, totaling 90 apps. From the apps with the highest level of popularity, 94% used anachronistic encryption, 66% didn’t employ the HTTPS protocol for user information encryption in transit, 44% employed default passwords that are registered as plaintext in the lines of code (hard-coded, as they are called), and it was discovered that a general 94% of all apps had a minimum of three vulnerabilities on a medium risk level, the firm reports.
Ilia Kolochenko, CEO of High-Tech Bridge, told me over the phone that the apps analyzed contained all the specific items for a cryptocurrency app: wallets, exchanges, price trackers. Anybody’s natural reaction would be to ask what the meaning of this could be. The answer is that it doesn’t mean much to most folks. However, for people who come upon the misfortune of being shitlisted by some really hardcore hacker (which isn’t really rare in a world as profitable and expanding as that of cryptocurrencies), it could entail losing money or sensitive data, such as passwords.
In our discussion, Kolochenko explained that if a user doesn’t employ serious encryption or any encryption at all, whenever they’re hanging around a café or in a public place like an airport, where the Wi-Fi link is lacking in security, anybody can intercept their data, gather their passwords, and gain access to their personal digital effects, like storage or wallet.
The CEO goes on to explain that hackers can give false information to big traders that conduct their business through price tracking apps in order to enact behavioral changes. People buying and selling huge sums of commodities, known as “whales”, can drive prices to change in susceptible markets such as the cryptocurrency one.
Kolochenko details that there are risks even for apps that don’t deal with sensitive data, but display stuff like the current Bitcoin price. If such apps are implemented poorly, hackers can exploit that and create false information to feed into it.
Of course, doing something like this would take a very tech-savvy person that would also be ready to go to great lengths just to fuck you over. Still, I’m trying to say that it’s far from impossible. It’s also worth saying that poorly-built apps are a bane for the mobile environment as a whole, not just for the cryptocurrency segment. But apps like that operate with digital funds that can be stolen easily and retrieved difficultly, even on the off chance that you could find them. At the end of the day, you should be careful what apps you download.