Author URLs
Professor Breitinger's Faculty Profile
Professor Breitinger's web page
Professor Breitinger's Full Bibliography
Professor Baggili's Faculty Profile
UNHcFREG (UNH Cyber Forensics Research & Education Group / Lab)
Document Type
Conference Proceeding
Publication Date
2018
Subject: LCSH
Bitcoin, Hardware Trojans (Computers), Digital forensic science
Disciplines
Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security | Physical Sciences and Mathematics
Abstract
Cryptocurrencies have gained wide adoption by enthusiasts and investors. In this work, we examine seven different Android cryptowallet applications for forensic artifacts, but we also assess their security against tampering and reverse engineering. Some of the biggest benefits of cryptocurrency are its security and relative anonymity. For this reason, it is vital that wallet applications share the same properties. Our work, however, indicates that this is not the case. Five of the seven applications we tested do not implement basic security measures against reverse engineering. Three of the applications stored sensitive information, like wallet private keys, insecurely and one was able to be decrypted with some effort. One of the applications did not require root access to retrieve the data. We were also able to implement a proof-of-concept trojan which exemplifies how a malicious actor may exploit the lack of security in these applications and exfiltrate user data and cryptocurrency.
Repository Citation
Haigh, Trevor; Breitinger, Frank; and Baggili, Ibrahim, "If I Had a Million Cryptos: Cryptowallet Application Analysis and A Trojan Proof-of-Concept" (2018). Electrical & Computer Engineering and Computer Science Faculty Publications. 82.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/82
Publisher Citation
Haigh, T., Breitinger, F., Baggili, I. (2018) If I Had a Million Cryptos: Cryptowallet Application Analysis and A Trojan Proof-of-Concept. In Digital Forensics & Cyber Crime: 10th International Conference, ICDF2C, September 10-12, 2018, New Orleans, Revised Selected Papers. Springer.
Included in
Computer Engineering Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons
Comments
This is the authors' accepted version of the paper published in Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST). The volume encompasses the proceedings of the 10th EAI International Conference on Digital Forensics & Cyber Crime, September 10-12 in New Orleans. The version of record for the proceedings volume may be purchased from the Springer web site.
The final authenticated version is available online at https://link.springer.com/conference/icdf2c
Dr. Baggili was appointed to the University of New Haven’s Elder Family Endowed Chair in 2015.