According to a new study, 66% of cryptocurrency apps available on Android don’t encrypt information, while 94% carry medium-risk security vulnerabilities.
As cryptocurrencies’ value continues to reach new heights almost daily, the lucrative industry is likely to become increasingly targeted by an array of hacks and scams, making security one of the utmost concerns.
Recently, a Bitcoin Gold wallet provider app misled users into sharing their private keys, and afterward stole millions of users’ cryptocurrency holdings. However, according to a new study from the cybersecurity company High-Tech Bridge, users are more likely to fall victim to insufficient security measures in their chosen legitimate apps than to sophisticated hacks or scams.
Using their mobile app analysis tool, Mobile X-Ray, the security firm analyzed over 90 different cryptocurrency-related apps available on the Google Play store. The firm targeted apps at various levels of popularity. The research team included apps with downloads ranging in number from 100,000 downloads to 500,000 and above.
The team chose 30 apps per popularity level. Concluding their study, the team confirmed that, of the chosen apps, over 94% used an old and inefficient encryption method, while 66% didn’t use HTTPS for user information encryption. A further 44% of apps used passwords that were stored in plain text. Of all 90 studied apps, a staggering 94% carried at least medium-risk security flaws.
The CEO of High-Tech Bridge, Ilia Kolochenko, stated that the apps related to several different cryptocurrency-related services, from wallet providers to exchange platforms to simple price checkers. While some users won’t be affected by the majority of apps’ vast security incompetence, this could be very damaging to unfortunate users who become affected by either a security vulnerability or insufficient security measures in their app of choice.
Kolochenko stated that when an app does not employ efficient encryption, it puts its users at risk of hacking, especially if the user utilizes publicly available WiFi networks. The particular security flaws could enable hackers to steal the users’ login credentials to their wallet apps, for example, thanks to improper encryption methods.
This becomes even more dangerous if a price checker app becomes affected. According to Kolochenko, a dedicated hacker could easily influence the price tracking app. This could influence the entire cryptocurrency market, and damage the industry as a whole.
Kolochenko added that, generally, apps that monitored the prices of several cryptocurrencies, including Bitcoin, demonstrated very poor security measures. Once a hacker targets a price tracking app, the hacker can easily execute code which would cause the app to display fraudulent prices, which could lead to a widespread price dump.
Of course, any hacker attempting to do so would need a vast array of technical skills and hacking prowess. Skill level aside, it is a distinct possibility, and considering the increasingly lucrative cryptocurrency industry with a current market cap of over $300 billion, hackers have more than enough incentive to launch attack campaigns. Their job will just be made easier by apps with lax security measures.