High-Tech Bridge, a well-known firm that specializes in web security, has recently published research that should worry anyone who uses cryptocurrency apps on an Android device. According to the research, almost every cryptocurrency app that runs on the Android operating system contains serious vulnerabilities that compromise the security of users' data as well as the security of their digital wallets.
Cryptocurrency apps have recently become a main target for many hackers because of the continued rise in the value of Bitcoin (it has reached $10,000 apiece and is still going up). Some think that it is a bubble that will burst in time. Well, it may be a bubble, but for now, it is a very valuable one. And it is even more valuable to those who can simply steal the coins and then dump them for a quick profit. So, if you are a user of one of the popular cryptocurrency apps developed for Android, it is guaranteed that your data, your digital wallet, and by extension you, are vulnerable to one or more of the weaknesses catalogued by the Open Web Application Security Project (OWASP).
To be clear about the research and the matter at hand, the fact that these cryptocurrency apps are vulnerable does not mean that they are being exploited. It only means that users should be aware of the threat they might be facing because of the increasing value and popularity of Bitcoin and other cryptocurrencies.
High-Tech Bridge looked for these security vulnerabilities in cryptocurrency apps for Android as part of its research on the matter. The firm used its own Mobile X-Ray Tool to scan the most popular cryptocurrency apps for Android for OWASP and other vulnerabilities. The scans were run on over 30 cryptocurrency apps that had more than 500,000 downloads and installations on Android devices. What the scan found was horrible.
Among apps with more than 500,000 downloads, the scan found at least 3 medium-risk vulnerabilities in 94% of them. The same percentage had almost no protection: they were still using SSL 3.0, which is over 21 years old, and in better cases some used the younger, 18-year-old TLS 1.0 as their crypto protocol. Less popular apps with 100,000 or more downloads fared no better, as the Mobile X-Ray scan found even worse security vulnerabilities.
The most common OWASP vulnerabilities found in cryptocurrency apps for Android were improper platform usage, insufficient cryptography, and insecure data storage.