468x60 Ads

Wednesday, July 29, 2015

AppBugs Identifies Security Flaws in Bitcoin Apps

AppBugs Identifies Security Flaws in Bitcoin Apps

Financial technology is slowly gravitating towards a more mobile-friendly approach, which brings forth both convenience and ease-of-use. But at the same time, mobile operating systems are far from perfect, as there are quite a few security risks associated with mobile operating systems. AppBugs has recently launched a toolset that will identify security vulnerabilities in mobile applications, to ensure user data is protected at all times.

Also read: Researcher that Finds, Tests, and Reports Starbucks Gift Card Bug gets Reproached

The Leaky Basket of Mobile Applications Threaten User Security

Over the course of recent months, various security flaws in major mobile applications have been identified by security experts. Exploiting any of these weaknesses could have major ramifications for the end user, as mobile applications contain a lot of personal and sensitive information. Hackers could steal private user data, which can include names, addresses and even financial information in some cases.

To make matters even more worrying, there is no mobile application — other than AppBugs  — that identifies these vulnerable apps and warns the user about potential security risks. Contrary to popular belief, antivirus apps for mobile devices will identify virus threats, yet overlook other types of vulnerabilities.

Granted, there are a lot of security consulting companies out there whose only job is to identify and hunt down these potential weaknesses in mobile apps. That being said, most of these companies have no incentive to report these security concerns to the end user, and rather contact the app developer(s) to get paid by them. This communication process can take anywhere from hours to even months, and some developers will never respond, leaving users in a vulnerable position.

Even in the Bitcoin space, any vulnerable application running on the same mobile device as a Bitcoin wallet can have catastrophic consequences. AppBugs has therefore released its mobile app, with the sole purpose of identifying these security risks. Additionally, the AppBugs app will give the end user a list of security concerns and suggest appropriate actions to be taken.

AppBugs COO and Founder Stan Higgins told Bitcoinist:

“The Bitcoin owners run the risk of their personal information to be compromised by the popular apps they use every day. This issue is particularly troublesome for Bitcoin owners as they have sensitive information about the Bitcoins they own.”

AppBugs Solves a Problem Most Mobile Users Don’t Know About

It goes without saying that something needs to change sooner or later to protect customer data on mobile devices. Attackers are exploiting security flaws in mobile apps or web services to steal private information from unsuspecting users. According to a study by Gartner, as much as 75% of all mobile apps will have security flaws by the end of 2015.

During the course of 2015, various major mobile applications have fallen victim to security flaws in their mobile application. Both Starbucks and LastPass suffered from security breaches, in which hackers could steal sensitive data. The average mobile user has no idea whether the apps they install can be trusted or not, let alone what to do if one of the installed applications has security flaws.

This is why AppBugs has created a security app for mobile devices to detect dangerous security flaws in other applications installed on the user’s device. Any application that poses a security risk will trigger an alert to be broadcasted to the end user, which will also include appropriate actions to be taken. In the background, AppBugs will also report the security flaws to the app developer, and will disclose all information regarding these security holes to the public. This will hopefully encourage app developers to fix their applications sooner rather than later.

AppBugs COO and Founder Stan Higgins explained the “main” four security threats mobile users are facing on a daily basis:

“Vulnerabilities in mobile apps can be exploited in the following ways depending on the vulnerability:

1) Get user passwords of the exploited apps. If the passwords are also used in any bitcoin accounts, the bitcoin accounts can be hacked as well.

2) Run malicious code in the context of the exploited app. The attacker can get all permissions of the exploited apps. Those can be permissions to the device storage, contacts, email, etc. If the app has been rooted, the attacker also gains the root privileges, which means he fully controls the device.

3)  Get the personal information of the exploited apps – photos, chat history, etc. The information can be further used for phishing the victim user and his/her friends. For example, if a chat app is exploited, the attacker reads the chat history and knows who the user is talking to. The attacker then can use the information to either cheat on the user’s friends or the user himself/herself.

4) Connect to a network that the victim device has already permission to and consequently connect to the devices connected to that network. The attacker can use this approach to compromise the internal network of the user’s company when the user is using the device with the network.”

It goes without saying that Bitcoin users will be affected by these security flaws as well. In fact, there are so many Bitcoin wallets available for mobile users, and who knows what kind of security vulnerabilities they all carry. Plus, more and more mobile Bitcoin-related tools are hitting the Google Play Store on a weekly basis. Even though mobile devices are considered “more secure” for storing Bitcoins, if the app used has a security flaw, it will be exploited sooner or later.

AppBugs is Not an Antivirus Replacement, But a Complementary Tool 

Don’t be mistaken in thinking that AppBugs is the same as an antivirus tool for your mobile devices, because it is not. All mobile users should have some form of antivirus app running on their devices at all times. AppBugs is an extra layer of protection that goes beyond the capabilities of apps such as Lookout Security and McAfee Antivirus.  The main feature of AppBugs includes the tool to detect HTTPS defects, as well as social plugin vulnerabilities and even detect password brute force issues.

Android users can download the AppBugs app in the Google Play Store, as long as their mobile devices runs on Android version 3.1 or higher. The application itself is free to use, but for optimal protection, users can purchase a Bug Details and Fix Service at a small cost. And for developers, there is the Premium Audit Service, which includes a 10+ page audit report on their newly developed app and its security flaws.

Thanks to the fine people over at AppBugs, Bitcoinist readers can get the first month of Bug Details and Fix Service for free. Download the AppBugs app on your mobile device, go to the “About” tab, and enter the code “bitcoinist07” to enjoy your free one-month trial of this subscription.

What are your thoughts on security flaws in mobile apps, and how will it affect Bitcoin users? Let us know in the comments below!


Source: Info via email

Images courtesy of AppBugs and Shutterstock

The post AppBugs Identifies Security Flaws in Bitcoin Apps appeared first on Bitcoinist.net.