CertiK Outlines Mobile Blockchain Security Threats and Countermeasures

Terrill Dicki  Nov 01, 2023 21:03  UTC 13:03

3 Min Read

Blockchain technology is rapidly transcending beyond traditional platforms, marking its imprint on mobile platforms, an area CertiK, a blockchain security firm, regards as a "frontier of innovation." However, this transition isn't devoid of challenges. Mobile platforms inherit a lineage of security hurdles that threaten to impede the smooth operation of blockchain technologies on these devices. On 31st October 2023, CertiK delineated a series of tweets, unfolding the panorama of threats alongside respective safeguards in the mobile blockchain ecosystem.

The first in the series of tweets outlined the threat posed by malware and ransomware. These malicious software target cryptocurrency wallets on mobile devices to either siphon off funds or encrypt data, demanding a ransom for decryption. CertiK advised maintaining a pristine device environment by employing reputable security solutions to ward off such threats.

The subsequent tweet highlighted the risks associated with insecure wallet applications. These deceptive or unsecured apps available on app stores pose significant risks to digital assets. Users are cautioned against downloading such applications and are advised to opt for secure and reputable wallet apps to mitigate risks to their digital assets.

CertiK's discourse progressed to SIM swapping, a technique employed by attackers to hijack phone numbers, gaining control over authentication codes and accounts. To counter this, the blockchain security firm advocates the employment of multi-factor authentication, which adds an extra layer of security, making it arduous for attackers to gain unauthorized access.

One example of SIM swapping security concern is illustrated by Google's recent update to its Authenticator app, which underscores the complex interplay between convenience and security in the digital realm. The recent update to Google's Authenticator app, which now stores a "one-time code" in cloud storage, is perceived by some as a double-edged sword in the battle against cyber threats like SIM swapping. While aimed at preventing users from being locked out of their two-factor authentication (2FA) systems, critics argue that this cloud storage approach could potentially provide a loophole for cybercriminals. SIM swapping, a prevalent technique among identity thieves, involves tricking telecom operators to reassign a victim's phone number to a new SIM card owned by the attacker. This tactic can give criminals access to a plethora of sensitive information and control over 2FA codes sent via SMS, posing a significant risk to users. With the new update, if a hacker were to crack the user's Google password, the ostensibly secure Authenticator app could become a gateway to multiple authenticator-linked applications. Hence, despite its convenience, the cloud storage feature may inadvertently heighten the risks associated with SIM swapping and other cyber-attacks, underscoring the need for users to explore additional security measures.

Engagement with third-party services was identified as another security threat. Such interactions could expose users to additional security risks. CertiK urged exercising caution and patronizing trusted platforms to minimize risks associated with third-party services interaction.

The firm shed light on the vulnerabilities inherent in mobile operating systems that could potentially compromise blockchain security on mobile devices. Ensuring the operating system is updated to patch existing vulnerabilities was recommended as a countermeasure to this threat.

Lastly, CertiK pointed out the network vulnerabilities, especially when connected to insecure Wi-Fi networks and public hotspots. Such connections could expose mobile devices to potential threats. Steering clear of insecure networks and public hotspots, or employing secure Virtual Private Networks (VPNs), was proposed as a safeguard against network vulnerabilities.

Image source: Shutterstock

Read More