Posted on November 30, 2017 at 7:04 PM
Researchers confirmed that the majority of popular cryptocurrency apps did not protect its user information.
Researchers from the cybersecurity firm, High-Tech Bridge, recently conducted a study which concluded that the majority of cryptocurrency-related apps available on the Google Play store carry medium to severe security risks which could greatly compromise its users’ security.
Currently, there are over 2000 cryptocurrency-related apps available for Android users via the Google Play Store. According to High-Tech Bridge, they randomly selected different apps at various popularity-levels to assess their security risks.
In the apps that enjoyed up to 100,000 downloads, researchers selected a total of 30 different apps and found that 90% of the selected apps contained two high-risk security flaws.
This selection of apps also demonstrated that over 93% carried flaws which posed a medium risk to users. A further 87% of apps were vulnerable to data theft or man-in-the-middle (MitM) attack campaigns and no app in this tier featured security measures to prevent reverse engineering.
In the app selection with more downloads, up to 500,000 downloads to be exact, 94% apps carried three medium-risk flaws, while 77% contained high-risk bugs.
In addition, High-Tech Bridge confirmed that the majority of apps used weak encryption methods which left its users susceptible to data theft.
Overall, 94% of all tested apps used severely outdated modes of encryption, which left users exposed to attack.
CEO of High-Tech Bridge, Ilia Kolochenko, noted that he was not surprised with the study’s conclusion. Kolochenko added that cybersecurity firms, such as High-Tech Bridge have been notifying app developers for years about appropriate security measurements. The notifications were usually to inform app developers about employing efficient encryption and establishing a secure user protection framework.
Considering Bitcoin’s skyrocketing price, cryptocurrency is likely to become one of the most targeted industries for cybercriminals. With such severe security flaws, the dedicated hacker will only have an easier job to steal users’ cryptocurrency holdings or information.
The study, according to Kolochenko was just the first indicator of the industry’s lack of appropriate security measures.
The CEO stated that the current security issues will allow hackers to compromise users’ security, but also the integrity of the cryptocurrency industry, which is likely to negatively affect prices of all cryptocurrencies including Bitcoin.
Kolochenko emphasized that in order to prevent damaging hacks and scams, developers should immediately review their security measures and encryption methods.
The firm declined to name the apps it tested, as several bugs have not yet been addressed.