Uddin, Md Shahab (2021) Horus: A Security Assessment Framework for Android Crypto Wallets. Masters thesis, Concordia University.
Text (application/pdf), 756kB: Uddin_MASc_F2021.pdf - Accepted Version. Available under License Spectrum Terms of Access.
Abstract
Crypto wallet apps help cryptocurrency users to create, store, and manage keys, sign transactions, and keep track of funds. However, if these apps are not adequately protected, attackers can exploit security vulnerabilities in them to steal the private keys and gain ownership of the users’ wallets. We develop a semi-automated security assessment framework, Horus, specifically designed to analyze crypto wallet Android apps. We perform semi-automated analysis on 311 crypto wallet apps and manually inspect the top 18 most popular wallet apps from the Google Play Store. Our analysis includes capturing runtime behavior, reverse-engineering the apps, and checking for security standards crucial for wallet apps (e.g., random number generation and private key confidentiality). We reveal several severe vulnerabilities, including, for example, storing plaintext key-revealing information in 111 apps, which can lead to losing wallet ownership, and storing past transaction information in 11 apps, which may lead to user deanonymization.
Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
---|---|
Item Type: | Thesis (Masters) |
Authors: | Uddin, Md Shahab |
Institution: | Concordia University |
Degree Name: | M.A. Sc. |
Program: | Information Systems Security |
Date: | 23 August 2021 |
Thesis Supervisor(s): | Mannan, Mohammad and Youssef, Amr and Zhao, Lianying |
ID Code: | 988864 |
Deposited By: | Md Shahab Uddin |
Deposited On: | 27 Oct 2022 13:52 |
Last Modified: | 27 Oct 2022 13:52 |