More than 90% of users don’t know if their mobile wallet is compromised; now, there’s an app for that
Do you use a smartphone app to manage your cryptocurrency? Stop that. Researchers from Michigan State University are developing a safeguard via a mobile app for vulnerable “wallet” applications used to manage cryptocurrency.
Smartphone wallet apps simplify trading cryptocurrency. But the MSU team have uncovered vulnerabilities that can put money and personal information at risk. Their new app, the Bitcoin Security Rectifier is detailed in a paper published for the Association for Computing Machinery’s Conference on Data and Application Security and Privacy. Until now, smartphone wallet apps could be vulnerable by violating one of Bitcoin’s central principles, something called decentralization. Since Bitcoin is not tied to any central bank or government, there’s also no central computer server that stores all the information about bitcoin accounts, such as who owns how much.
The Bitcoin Security Rectifier can introduce a middleman that Bitcoin omits by design. Users often don’t know this, and app developers aren’t forthcoming with the information. More than 90% of users are unaware of whether their wallet is violating this decentralized design principle. If so, it can be a huge security risk for the user, possibly opening the door for an unscrupulous app developer to simply take a user’s bitcoin.
The new app is designed to run at the same time on the same phone as a wallet, where it monitors for signs of such intrusions. The app alerts users when an attack is happening and provides remedies based on the type of attack. For example, the app can add “noise” to outgoing Bitcoin messages to prevent a thief from getting accurate information. The team is currently developing the app for Android phones and plans to have it available for download in the Google Play app store in the coming months. There’s currently no timetable for an iPhone app because of the additional challenges and restrictions posed by iOS.
Original Release: Eureka Alert