Digital Forensics and Cyber Crime. 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10–12, 2018, Proceedings

Research Article

If I Had a Million Cryptos: Cryptowallet Application Analysis and a Trojan Proof-of-Concept

@INPROCEEDINGS{10.1007/978-3-030-05487-8_3,
    author={Trevor Haigh and Frank Breitinger and Ibrahim Baggili},
    title={If I Had a Million Cryptos: Cryptowallet Application Analysis and a Trojan Proof-of-Concept},
    proceedings={Digital Forensics and Cyber Crime. 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10--12, 2018, Proceedings},
    proceedings_a={ICDF2C},
    year={2019},
    month={1},
    keywords={Cryptowallet Cryptocurrency Bitcoin Coinbase Android},
    doi={10.1007/978-3-030-05487-8_3}
}

Trevor Haigh, Frank Breitinger, Ibrahim Baggili. If I Had a Million Cryptos: Cryptowallet Application Analysis and a Trojan Proof-of-Concept. ICDF2C, Springer, 2019. DOI: 10.1007/978-3-030-05487-8_3
Trevor Haigh (1,*), Frank Breitinger (1,*), Ibrahim Baggili (1,*)
  • 1: Tagliatela College of Engineering, University of New Haven
*Contact email: thaig1@unh.newhaven.edu, FBreitinger@newhaven.edu, IBaggili@newhaven.edu

Abstract

Cryptocurrencies have gained wide adoption by enthusiasts and investors. In this work, we examine seven different Android cryptowallet applications for forensic artifacts, and we also assess their security against tampering and reverse engineering. Two of the biggest benefits of cryptocurrency are its security and relative anonymity, so it is vital that wallet applications share the same properties. Our work, however, indicates that this is not the case. Five of the seven applications we tested do not implement basic security measures against reverse engineering. Three of the applications stored sensitive information, such as wallet private keys, insecurely, and one could be decrypted with some effort. One of the applications did not require root access to retrieve the data. We were also able to implement a proof-of-concept trojan which exemplifies how a malicious actor may exploit the lack of security in these applications to exfiltrate user data and cryptocurrency.