An analysis published by a web security firm concluded that more than 90 percent of mobile apps in the cryptocurrency space have vulnerabilities.
At this moment, cryptocurrencies are experiencing an unbelievable rise. Together, they have accumulated an enormous market capitalization of over $300 billion, and the value of Bitcoin itself has surpassed $10,000, continuing its seemingly endless climb.
This phenomenon has since attracted the attention of hackers, who are constantly hard at work attempting to exploit the vulnerabilities in applications that exist within the crypto space.
Since cryptocurrencies themselves are new technologies, the applications that are developed for them have a long way to go before they are technically mature. This allows cybercriminals to fill their plates in the meantime with whatever they can steal.
A new analysis published by High-Tech Bridge—a Switzerland-based web security company—has revealed that over 90 percent of all cryptocurrency-related applications on Google Play have some form of vulnerability in them.
Even popular applications—defined by High-Tech Bridge as any apps with more than 500,000 installations—are affected by this issue. The analysis found that 94 percent of them have at least three medium-risk vulnerabilities.
“Unfortunately, I am not surprised with the outcomes of the research. For many years, cybersecurity companies and independent experts were notifying mobile app developers about the risks of “agile” development that usually imply no framework to assure secure design, secure coding and hardening techniques or application security testing,” said Ilia Kolochenko, the company’s founder and CEO.
Most of the problems found in mobile apps had to do with either improper platform usage, insufficient cryptography (such as a predictable randomizer or weak hashing algorithms like SHA-1), or insecure data storage.
What’s probably more shocking than all of this is that the analysis they performed found that 77 percent of popular cryptocurrency applications have at least two high-risk vulnerabilities, making the mobile space a massive party venue for hackers.
At the beginning of this month, the CryptoShuffle virus demonstrated that it could exploit non-mobile devices as well without needing to infiltrate the crypto applications themselves.
The point here is that it doesn’t take a highly-skilled hacker to make a few bucks by exploiting a crypto-oriented application.