Last Year's ICOs Had Five Security Vulnerabilities On Average, Say Researchers (bleepingcomputer.com)
An anonymous reader quotes a report from Bleeping Computer: Security researchers have found, on average, five security flaws in each cryptocurrency ICO held last year. Only one ICO held in 2017 did not contain any critical flaws. According to Positive.com, a security firm specialized in ICO security audits, most of the vulnerabilities they found, they discovered in the smart contracts at the base of the ICO itself.
"71% of tested projects contained vulnerabilities in smart contracts, the heart and soul of an ICO," the company said. "Once an ICO starts, the contract cannot be changed and is open to everyone, meaning anyone can view it and look for flaws. Typically, these would consist of non-compliance with the ERC20 standard (the token interface for digital wallets and cryptocurrency exchanges), incorrect random number generation and incorrect scoping amongst others," Positive.com experts say. "Generally, these vulnerabilities occur due to lack of programmer expertise and insufficient source code testing." According to the researchers, all the mobile apps ICO organizers have launched in 2017 contained security flaws. "The most common flaws in mobile apps are the use of insecure data transfer methods, storage of user data in phone backups, and disclosure of session IDs that an attacker could capture and use against the user," reports Bleeping Computer. Security bugs were also found in the web apps.
Remind me again... (Score:2, Insightful)
... why I should invest some $$$ in the shitcoin "du jour"?
I have always said that computer security is a huge mess. As the crypto-currencies gain value, they provide more and more incentives to bad guys to hack your computer to get at your wallet.
Re: (Score:1)
Windows 3.0 was perfectly secure because it didn't have networking, and Windows 10 is touted as the most secure version of Windows ever, therefore its security must be perfect.
"Only one" (Score:2)
"Only one ICO held in 2017 did not contain any critical flaws."
And that one would be...?
Re: (Score:3)
The one invented by/invested in by the researchers.
Please! Steal my money! (Score:2)
Who the heck thinks these things are a good idea, beyond the fraudsters at the top of the pyramid?! Of course shortcuts are taken... after the first round of suckers, who really gives a s#!t?
Oops (Score:2)
"According to the researchers, all the mobile apps ICO organizers have launched in 2017 contained security flaws."
My, that's awkward. Maybe they'll do better in 2018. ... or 2019 ... or 2020.
I'm confident that if they persevere, they can create a cryptocurrency that is merely pointless instead of being pointless and fatally flawed.