Breaking News

90% of virtual currency wallet apps are having security problems

High-Tech Bride, a Web security company based in San Francisco, analyzes more than 2000 applications on Google Play and claims a new investigation.

Of the first 30 virtual currency applications that achieved a total of 100,000 installations, 93% had at least three " risk level: medium " vulnerabilities, 90% had at least two " danger level: large " problems I am holding it.

Although the download number is good among many applications, evaluation is not so good.

94% of more than 500,000 installed applications have at least three "Danger Level: Medium" vulnerabilities and 77% have at least two "Danger Level: Large" vulnerability issues.

According to the analysis, there were the most problems such as "dangerous data storage" where information that should be private should not be unintentionally leaked, and incorrect encryption was implemented to protect data .

In other words, there is a possibility that the user is in danger.

Founder and CEO of High-Tech Bridge Ilia Kolochenko (hereinafter referred to as Kolochenko)

"Depending on the functionality, design and vulnerability of the app, there are wide-ranging disturbances, such as top secret data and wallet (private key) theft, unfortunately the survey results are not surprising."

I said.

Mr. Krochenko considers that mobile development as a whole is not focused on security as a result of this result .

Over the years cyber security companies and independent experts have reported to mobile application developers the dangers of "agile" development without secure design, coding framework or guarantee of coding and hardening, or application security testing.

Users and developers can use the company's free security analysis tool, Mobile X - Ray, to connect mobile applications and see the vulnerability themselves.

However, there is the possibility that many problems will appear when protecting funds. High-Tech Bridge says that his survey is insufficient.

That 's because the analysis only sees the front end of the application, so there may be problems with the back end as well.

According to the report, " This is only a tip of the iceberg.