If I Had a Million Cryptos: Cryptowallet Application Analysis and a Trojan Proof-of-Concept
Details
Serval ID
serval:BIB_143C1ADA1869
Type
Inproceedings: an article in a conference proceedings.
Collection
Publications
Institution
Title
If I Had a Million Cryptos: Cryptowallet Application Analysis and a Trojan Proof-of-Concept
Title of the conference
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Publisher
Springer International Publishing
Address
Cham
ISBN
9783030054861
9783030054878
9783030054878
ISSN
1867-8211
1867-822X
1867-822X
Publication state
Published
Issued date
2019
Editor
Breitinger Frank, Baggili Ibrahim
Pages
45-65
Language
english
Abstract
Cryptocurrencies have gained wide adoption by enthusiasts and investors. In this work, we examine seven different Android cryptowallet applications for forensic artifacts, but we also assess their security against tampering and reverse engineering. Some of the biggest benefits of cryptocurrency is its security and relative anonymity. For this reason it is vital that wallet applications share the same properties. Our work, however, indicates that this is not the case. Five of the seven applications we tested do not implement basic security measures against reverse engineering. Three of the applications stored sensitive information, like wallet private keys, insecurely and one was able to be decrypted with some effort. One of the applications did not require root access to retrieve the data. We were also able to implement a proof-of-concept trojan which exemplifies how a malicious actor may exploit the lack of security in these applications and exfiltrate user data and cryptocurrency.
Keywords
Cryptowallet, Cryptocurrency, Bitcoin, Coinbase, Android
Create date
06/05/2021 12:01
Last modification date
06/05/2021 12:17
Usage data
