
Research Article
Horus: A Security Assessment Framework for Android Crypto Wallets
@INPROCEEDINGS{10.1007/978-3-030-90022-9_7,
  author={Md Shahab Uddin and Mohammad Mannan and Amr Youssef},
  title={Horus: A Security Assessment Framework for Android Crypto Wallets},
  proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part II},
  proceedings_a={SECURECOMM PART 2},
  year={2021},
  month={11},
  keywords={Crypto wallets Cryptocurrency HD wallets Android apps},
  doi={10.1007/978-3-030-90022-9_7}
}
- Md Shahab Uddin
- Mohammad Mannan
- Amr Youssef
Year: 2021
SECURECOMM PART 2
Springer
DOI: 10.1007/978-3-030-90022-9_7
Abstract
Crypto wallet apps help cryptocurrency users to create, store, and manage keys, sign transactions, and keep track of funds. However, if these apps are not adequately protected, attackers can exploit security vulnerabilities in them to steal the private keys and gain ownership of the users’ wallets. We develop a semi-automated security assessment framework, Horus, specifically designed to analyze crypto wallet Android apps. We perform semi-automated analysis on 310 crypto wallet apps, and manually inspect the top 17 most popular wallet apps from the Google Play Store. Our analysis includes capturing runtime behavior, reverse-engineering the apps, and checking for security standards crucial for wallet apps (e.g., random number generation and private key confidentiality). We reveal several severe vulnerabilities, including, for example, storing plaintext key-revealing information in 111 apps, which can lead to losing wallet ownership, and storing past transaction information in 11 apps, which may lead to user deanonymization.