Up to 90% of mobile cryptocurrency apps could have vulnerabilities, new research claims
A new report from High-Tech Bridge has claimed that of 30 cryptocurrency wallet apps with more than 100,000 installations, over 93% contained vulnerabilities.
Cryptocurrency investors have multiple options to secure their wealth in a wallet that can take the form of paper, hardware, or software, yet all three have distinct drawbacks. Now, a new research report from High-Tech Bridge has revealed that mobile cryptocurrency wallets may be far less secure than previously thought.
High-Tech Bridge reports that, in an analysis of some 2,000 mobile wallet apps on the Google Play Store, 93 percent of the first thirty wallets with more than 100,000 installations contain at least three “medium-risk” vulnerabilities.
The report goes on to state that over 90 percent of that same group have at least two “high risk” vulnerabilities, while 94 percent of apps with over 500,000 installations contain at least three “medium risk” vulnerabilities.
The analysis reveals that the most common vulnerabilities facing mobile wallet apps include insecure data storage and insufficient cryptography.
Presiding over the release of the report, Ilia Kolochenko, CEO and founder of High-Tech Bridge, opined that “For many years, cybersecurity companies and independent experts were notifying mobile app developers about the risks of ‘agile’ development that usually imply no framework to assure secure design, secure coding and hardening techniques or application security testing.”
Kolochenko went on to add that he noted a lack of emphasis on security throughout mobile app development, commenting that “Depending on the application functionality, design and vulnerabilities, a wide spectrum of nuisances is possible, up to sensitive data and even the wallet (private key) theft”.
The report does mention, however, that it has only analyzed faults on the front-end of popular applications, and as such further vulnerabilities could exist in the backend.
High-Tech Bridge offers Mobile X-Ray, a tool to which Android or iOS developers can upload their apps to investigate vulnerabilities.
Follow Bryan Smith on Twitter: @bryansmithSA