News 66 Percent of Popular Android Cryptocurrency Apps Don't Use...

66 Percent of Popular Android Cryptocurrency Apps Don’t Use Encryption

-

- Advertisment -

66 Percent of Popular Android Cryptocurrency Apps Don't Use Encryption

Image: Shutterstock. Composition: Author

As the value of cryptocurrencies continues to skyrocket nearly across the board, hackers and scammers are stealing digital money from unsuspecting victims in all sorts of new and interesting ways.

One method uses fake apps that steal credentials, but according to new analysis from information security firm High-Tech Bridge, it’s not just fraudulent apps that people have to worry about. Legitimate, but insecure, apps are also rampant and could allow a hacker to steal someone’s login information or even their cryptocurrency.

High-Tech Bridge used its free mobile app analysis software, called Mobile X-Ray, to peek under the hood of the top 30 cryptocurrency apps in the Google Play store at three different popularity levels: apps with up to 100,000 downloads, up to 500,000 downloads, and apps with more than 500,000 downloads. So, a total of 90 apps altogether. Of the most popular apps, 94 percent used outdated encryption, 66 percent didn’t use HTTPS to encrypt user information in transit, 44 percent used hard-coded default passwords (stored in plain text in the code), and overall 94 percent of the most popular apps were found to have “at least three medium-risk vulnerabilities.”

Read More: People Can’t Tell What Apps Use Encryption, And Don’t Really Care, Study Finds

According to High-Tech Bridge CEO Ilia Kolochenko, whom I reached over the phone, the apps included everything from price trackers, to exchanges, to wallets. So, what does this mean? For most people, probably nothing. But for somebody who happens to land on a dedicated hacker’s shit list (not all that uncommon in the increasingly lucrative world of cryptocurrencies), it could mean the loss of funds or sensitive information like passwords.

“If you don’t have proper encryption—or it’s simply not implemented because some of these apps are using HTTP with no encryption at all—when you’re sitting with your phone at a cafe or the airport and the Wi-Fi is insecure, someone else can seize the traffic, intercept your login passwords, and access your wallet or digital storage,” Kolochenko told me.

In the case of a price tracker app, Kolochenko said, someone could feed a high-volume trader false information to influence their behaviour. Cryptocurrency markets are notoriously susceptible to price changes driven by “whales” who buy and sell in large amounts.

“You can have an application that doesn’t send or receive any sensitive information at all, but shows you something like the current price of Bitcoin,” he explained. “Such applications can be very poorly implemented, and in some cases could allow an attacker to falsify information.”

Obviously, to do this someone with a lot of technical skill would have to be extremely dedicated to the sole cause of screwing you over. But the point is that it’s possible. And, it’s worth mentioning, insecure apps are a blight on the entire mobile ecosystem, not just cryptocurrencies. But cryptocurrency apps deal with easily-stolen digital money that often can’t be returned or recovered, even if found. So, it might pay to be a little more cautious with your apps than usual.

Get six of our favorite Motherboard stories every day by signing up for our newsletter .

Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

Network Security Using Cryptography: Everything you need to know

This article will describe what is Network Security Using Cryptography and everything you need to know before...

Mercuriex Cryptocurrency Exchange Launches New Utility Token, SURF

MercuriEx Cryptocurrency Exchange, originally developed in 2017, came under new ownership in December 2019. Since taking over the exchange,...

Fungibility: Bitcoin Mixers Favorite Term That No One Understands

Fungibility, perhaps the most important concept when dealing with a decentralized and anonymous currency, but does bitcoin...

Crypto can’t thrive in the real world – but stablecoins can

We can safely say that the hype about cryptocurrencies is pretty much over. The claims of Bitcoin...
- Advertisement -66 Percent of Popular Android Cryptocurrency Apps Don't Use Encryption

How to double your crypto

Most of us have a small gambler deep inside our souls. We love to feel the thrill...

Cryptocurrency Top Security Risk Concerns: What You Can Do to Protect Your Crypto

A report by CipherTrace revealed that in the first half of 2019, criminals and fraudsters stole more...

Must read

Mercuriex Cryptocurrency Exchange Launches New Utility Token, SURF

MercuriEx Cryptocurrency Exchange, originally developed in 2017, came...
- Advertisement -66 Percent of Popular Android Cryptocurrency Apps Don't Use Encryption66 Percent of Popular Android Cryptocurrency Apps Don't Use Encryption

You might also likeRELATED
Recommended to you