National Edu News: CBSE Awards for Teaching and School Leadership 2020-21, Apply till June 28th  |  Technology Inceptions: Microsoft Surface Laptop 4 for Commercial and Education Purposes  |  Technology Inceptions: 'Sunwatch' to Detect Harmful UV Rays  |  Science Innovations: High Power Laster to Deflect Lightning  |  Parent Interventions: A Guide to Parenting in Times of Pandemic  |  Guest Column: The Death of the Creative Writer!  |  Teacher Insights: Why the Boom in Private Tuition Business?  |  Technology Inceptions: More Heat Resilient Silver Circuitry  |  Science Innovations: Silica Nanoparticles for Precise Drug Targetting  |  National Edu News: IIT Hyderabad Improves in QS World University Rankings to 591-600  |  Technology Inceptions: C02 Emissions to Be Made into Animal Feed  |  Leadership Instincts: Blockchain Helping UN Interventions to End Poverty and Hunger  |  National Edu News: Three Indian Institutions in Top 200 of QS World University Rankings  |  Management lessons: Vaccines, Social Distancing, Facemasks Essential Tools to Fight Covid-19  |  Education Information: “The Language Network” to revolutionise language learning  |  
May 06, 2021 Thursday 07:11:50 PM IST

Bitcoin Mobile Apps Vulnerable to Security Threats: Guan-Hua Tu, MSU

Crypto currencies are increasingly being traded using the smart phone apps which are vulnerable and puts at risk the money and personal information of the user. This view is put forward by Guan-Hua Tu, Department of Computer Science, College of Engineering at Michigan State University (MSU). The apps violate Bitcoin's central principles of decentralisation. It is not tied to a central bank or government. No central computer server stores all the information about bitcoin accounts, such as who owns how much. But apps violate such decentralisation principles. They are developed by third parties. And, the wallet apps connect with their proprietary server before connecting to  Bitcoin. In essence, the wallet app can introduce a middleman what Bitcoin omits by design. 

Users often don’t know this and app developers aren’t necessarily forthcoming with the information. “More than 90% of users are unaware of whether their wallet is violating this decentralized design principle based on the results of a user study,” Tu said. And if an app violates this principle, it can be a huge security risk for the user. For example, it can open the door for an unscrupulous app developer to simply take a user’s bitcoin.

The best and easiest way to protect against this, Tu said, is to not use a smartphone wallet app that is developed by untrusted developers. He instead encourages users to manage their bitcoin using a computer — not a smartphone — and resources found on Bitcoin’s official website, For example, the site can help users make informed decisions about wallet apps. But even wallets developed by reputable sources may not be completely safe, which is where the Spartan’s app comes in.

Most smartphone programs are written in a programming language called Java. Bitcoin wallet apps make use of a Java code library known as bitcoinj, pronounced “bitcoin jay.” The library itself has vulnerabilities that cyber criminals could attack, as the team demonstrated in its recent paper.

For example, the Spartans found ways that cyber criminals could intercept information sent by or intended for a wallet app when it was connected to public Wi-Fi, such as at a coffee shop. Another pro tip from Tu: “Do not use your wallet in that scenario,” Tu said.

These attacks can have a variety of consequences, including compromising a user’s personal information. For example, they can help an attacker deduce all the Bitcoin addresses that wallet users have used to send or receive bitcoin. Attacks can also send loads of unwanted data to a user, draining batteries and potentially resulting in hefty phone bills.

The Spartan app is designed to run at the same time on the same phone as a wallet, where it monitors for signs of such intrusions. The app alerts users when an attack is happening and provides remedies based on the type of attack, Tu said. For example, the app can add “noise” to outgoing Bitcoin messages to prevent a thief from getting accurate information.The goal is that you’ll be able t download o tool and be free from these attacks,” Tu said.

The team is currently developing the app for Android phones and plans to have it available for download in the Google Play app store in the coming months. There’s currently no timetable for an iPhone app because of the additional challenges and restrictions posed by iOS, Tu said.

To know more about evolution and characteristics of Crypto Currency : Decoding Crypto in Pallikkutam June 2021