TY - GEN
T1 - Security Threats from Bitcoin Wallet Smartphone Applications
T2 - 11th ACM Conference on Data and Application Security and Privacy, CODASPY 2021
AU - Hu, Yiwen
AU - Wang, Sihan
AU - Tu, Guan Hua
AU - Xiao, Li
AU - Xie, Tian
AU - Lei, Xinyu
AU - Li, Chi-Yu
N1 - Publisher Copyright: © 2021 ACM.
PY - 2021/4/26
Y1 - 2021/4/26
N2 - Nowadays, Bitcoin is the most popular cryptocurrency. With the proliferation of smartphones and the high-speed mobile Internet, more and more users have started accessing their Bitcoin wallets on their smartphones. Users can download and install a variety of Bitcoin wallet applications (e.g., Coinbase, Luno, Bitcoin Wallet) on their smartphones and access their Bitcoin wallets anytime and anywhere. However, it is still unknown whether these Bitcoin wallet smartphone applications are secure or if they are new attack surfaces for adversaries to attack these application users. In this work, we explored the insecurity of the 10 most popular Bitcoin wallet smartphone applications and discovered three security vulnerabilities. By exploiting them, adversaries can launch various attacks including Bitcoin deanonymization, reflection and amplification spamming, and wallet fraud attacks. To address the identified security vulnerabilities, we developed a phone-side Bitcoin Security Rectifier to secure Bitcoin wallet smartphone application users. The developed rectifier does not require any modifications to current wallet applications and is compliant with Bitcoin standards.
AB - Nowadays, Bitcoin is the most popular cryptocurrency. With the proliferation of smartphones and the high-speed mobile Internet, more and more users have started accessing their Bitcoin wallets on their smartphones. Users can download and install a variety of Bitcoin wallet applications (e.g., Coinbase, Luno, Bitcoin Wallet) on their smartphones and access their Bitcoin wallets anytime and anywhere. However, it is still unknown whether these Bitcoin wallet smartphone applications are secure or if they are new attack surfaces for adversaries to attack these application users. In this work, we explored the insecurity of the 10 most popular Bitcoin wallet smartphone applications and discovered three security vulnerabilities. By exploiting them, adversaries can launch various attacks including Bitcoin deanonymization, reflection and amplification spamming, and wallet fraud attacks. To address the identified security vulnerabilities, we developed a phone-side Bitcoin Security Rectifier to secure Bitcoin wallet smartphone application users. The developed rectifier does not require any modifications to current wallet applications and is compliant with Bitcoin standards.
KW - bitcoin wallets
KW - blockchain
KW - mobile networks
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85104984628&partnerID=8YFLogxK
U2 - 10.1145/3422337.3447832
DO - 10.1145/3422337.3447832
M3 - Conference contribution
AN - SCOPUS:85104984628
T3 - CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy
SP - 89
EP - 100
BT - CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery, Inc
Y2 - 26 April 2021 through 28 April 2021
ER -