Cryptocurrency Hype is Creating Mobile Application Security Risk

One of the latest technology crazes is cryptocurrencies.  Bitcoin hit an all-time high of $11000 bringing its market cap to over $185 Billion - a 1000% increase this year alone.  There are 16 cryptocurrencies that individually have a market cap greater than $1 Billion. The cryptocurrency market is rapidly emerging, changing and growing exponentially.  All this excitement, growth and money being invested in the cryptocurrency market has brought with it many mobile applications from simple exchange ticker apps, to crypto wallets and sophisticated crypto portfolio management apps.  

Recent analysis by High-Tech Bridge on the top cryptocurrency apps in the Google Play Store showed that 90% contained security vulnerabilities or privacy risks.

Why is the Security Risk so High?

There are many different reasons an application may contain security or privacy risks. Misunderstandings of application security, re-use of libraries containing vulnerabilities or not fully appreciating the nuances of a programming language.  Development of a secure application is not an afterthought - it needs to be designed into the application and best practices adopted and adhered to when storing sensitive data, making external connections and using common libraries.  

With the rapid surge in cryptocurrency and follow-on rapid surge in mobile cryptocurrency applications, in all likelihood the focus is not on creating secure apps but rather on creating apps to capitalize on the market rush. Security often takes a back seat to just getting applications to market.  

What This Means for Users

The risk to the user spans a spectrum depending on the type of vulnerability being exploited. Lack of encryption to the external services was a notable risk.  This can lead to compromised credentials or even the leakage of private data being transferred over the wire. Data stored in an insecure hard-coded format such as passwords and API keys is another common risk.  Any of these risks are not specific and unique to cryptocurrency apps, but could exist in any application and are a function of security best practices being implemented during development.

What is unique to a cryptocurrency application is the possibility of a compromised wallet.  The crypto wallet is an application that stores the crypto keys used to spend the cryptocurrency.  Wallets may be local to the device or in cloud storage.  The risk is if your keys are compromised then your crypto funds can be transferred without your knowledge with no ability to prevent it from happening (short of creating a new wallet and proactively moving your currency first).  

What Can You Do?

This is actually quite a challenging problem; with over 90% of applications containing vulnerabilities. First is to ensure you install applications from trustworthy companies that clearly communicate security as a business priority.  As a user, use best practices such as not reusing passwords to contain the scope of what might happen if your credentials are breached.  From a pure cryptocurrency risk perspective; be careful how much money you store in a single wallet - remember that compromised wallets (even if you aren’t aware of the breach) can allow attackers to drain your funds.  Lastly, use a mobile security tool such as MI3 RECON to understand the complete security and privacy risk of an application before deploying.

What to Do Next

Contact us to see a demonstration of the RECON Platform

Watch an overview of the Mi3 Security Portfolio