Abstract
Cryptocurrencies have gained wide adoption among enthusiasts and investors. In this work, we examine seven different Android cryptowallet applications for forensic artifacts, and we also assess their security against tampering and reverse engineering. Two of the biggest benefits of cryptocurrency are its security and relative anonymity, so it is vital that wallet applications share the same properties. Our work, however, indicates that this is not the case. Five of the seven applications we tested do not implement basic security measures against reverse engineering. Three of the applications stored sensitive information, such as wallet private keys, insecurely, and one could be decrypted with some effort. One of the applications did not require root access to retrieve the data. We were also able to implement a proof-of-concept trojan which exemplifies how a malicious actor may exploit the lack of security in these applications to exfiltrate user data and cryptocurrency.
Notes
- 1. https://www.ikream.com/2018/01/5-best-bitcoin-wallet-mac-os-x-26068 (last accessed 2018-05-08).
- 2. https://wallet.bitcoin.com/ (last accessed 2018-05-08).
- 3. https://www.coinbase.com/?locale=en-US (last accessed 2018-05-08).
- 4. https://electrum.org/ (last accessed 2018-05-08).
- 5. https://developer.android.com/studio/command-line/adb.html (last accessed 2018-05-08).
- 6. https://ibotpeaches.github.io/Apktool/ (last accessed 2018-05-08).
- 7. https://sourceforge.net/projects/dex2jar/ (last accessed 2018-05-08).
- 8. https://developer.android.com/studio/index.html (last accessed 2018-05-08).
- 9. https://github.com/JesusFreke/smali/wiki/smalidea (last accessed 2018-05-08).
- 10. https://developer.android.com/about/dashboards/ (last accessed 2018-05-08).
- 11. https://developer.android.com/studio/test/monkeyrunner/index.html (last accessed 2018-05-08).
- 12. http://sqlitebrowser.org (last accessed 2018-05-08).
- 13. https://www.guardsquare.com/en/proguard (last accessed 2018-05-08).
- 14. Note that ProGuard is mostly used to minimize and optimize code; it offers only minimal protection against reverse engineering.
- 15. https://www.guardsquare.com/en/dexguard (last accessed 2018-05-08).
- 16. https://www.pnfsoftware.com (last accessed 2018-05-08).
- 17. Side-loading is installing an application directly rather than through a market. This usually requires an additional option to be enabled on the device before the OS will allow the installation.
- 18. https://bitcoinj.github.io/ (last accessed 2018-05-08).
- 19. https://nelenkov.blogspot.ca/2012/06/unpacking-android-backups.html (last accessed 2018-05-08).
- 20. When ranking these applications, server-side security is not considered. This research was only concerned with what data, if any, is present on the physical device.
A Python Script
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Cite this paper
Haigh, T., Breitinger, F., Baggili, I. (2019). If I Had a Million Cryptos: Cryptowallet Application Analysis and a Trojan Proof-of-Concept. In: Breitinger, F., Baggili, I. (eds) Digital Forensics and Cyber Crime. ICDF2C 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 259. Springer, Cham. https://doi.org/10.1007/978-3-030-05487-8_3
DOI: https://doi.org/10.1007/978-3-030-05487-8_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05486-1
Online ISBN: 978-3-030-05487-8
eBook Packages: Computer Science (R0)