Clickjacking Puts Bitcoin Wallets Under Threat

Chris in Bitcoin & Cryptocurrency published on 8, March 2016

Mobile phones have been a security headache for years. A lot of malware for mobile devices are out there ranging from simple key loggers to more complicated programs that can hijack devices. Users concerned with Bitcoin wallet security for their Android phones will need to be aware of another potential risk: accessibility clickjacking.

Accessibility clickjacking is very dangerous because it can allow a user full control of a device and give them access to information that a user would not want them to know. This includes access to password and more. A Bitcoin wallet would be just as vulnerable as other online accounts found on the phone.

How accessibility clickjacking works

Accessibility clickjacking works by taking advantage of the Accessibility services option of a device. These services are designed to help disabled users and those who currently do not have access to their phones. This allows features like voice commands and remote operation. Developers were aware of how accessibility services could easily be used to take over a phone and added a very strict activation process.

The problem is that hackers have developed a method around the process. This is where clickjacking comes in. Clickjacking exploits a feature in HTML pages that allows them to be placed over another interface transparently. This means that if a user clicks on a button on a page, they also click on the page beneath it. Hackers then make a program that puts the overlay over the accessibility services menu. The user then inadvertently gives access to the hacker so that they can access the mobile phone as they click on the cover interface.

A hacker obtaining access to a mobile phone would be very bad for a user. As researchers have demonstrated, this will allow access to all text-based sensitive information on the device. It will also allow automated actions to happen without user consent. Hackers would then be able to read e-mails, SMS messages, sensitive data, and more. They can even change admin permissions, enabling them to lock out owners from their own devices.

Bitcoin wallets under threat

With clickjacking a definite possibility, Android Bitcoin wallet users are warned to be more careful with their use of mobile phones. Players who prefer to play Bitcoin games featured in a Bitcoin mobile casino and other gambling sites should be alarmed of the latest threat to put Bitcoin funds in trouble.

The best way to prevent clickjacking, though, is to immediately update the Android version of the phone. Analysts have tested out all versions of the Android OS and have noted that the clickjacking exploit would not be possible on Android devices running on Android 5.0 Lollipop or higher.

This is still bad news for the users who have not updated or are stuck with devices running on Android 2.2 Froyo up to Android 4.4 KitKat. This accounts for 65 percent of the world’s population or nearly 500 million users.

An immediate update is recommended as well as following simple safety protocols to avoid malware from infecting phones. Bitcoin gamblers in mobile-friendly casinos and sportsbooks like LimoPlay and BitStarz who also want to protect their bankroll should try their best to secure their Android phones as soon as possible to prevent another form of Bitcoin security breach .

Like this article? Place your comments below

Leave a Reply

Your email address will not be published. Required fields are marked *