"In actuality, many of the applications tested did not properly secure sensitive data," Haigh said. "This allows for an attacker to potentially steal cryptocurrency since it’s only as secure as the wallet it’s stored in. This is dangerous as most people expect cryptocurrency to be secure."
Last fall, Haigh presented his findings at the 10th Annual EAI International Conference on Digital Forensics & Cyber Crime in New Orleans. He won the Best Paper award for "If I Had a Million Cryptos: Cryptowallet Application Analysis and A Trojan Proof-of-Concept."
Haigh said he hopes his research "reinforces the idea that security should be a priority for app developers." He also hopes his findings will help with forensic investigations.
"This is a great success for Trevor and our research group."Frank Breitinger
Frank Breitinger, assistant professor of computer science and CFREG co-director and Ibrahim (Abe) Baggili, Elder Family endowed chair and associate professor of computer science, co-authored the paper and supported Haigh’s research.
"The international conference, which took place in the U.S., Europe, Asia and the Middle East over the past years, is well known among researchers in digital forensics," Breitinger said. "This is a great success for Trevor and our research group."
Haigh called the win "exciting and very rewarding" and said he knows he’ll be using the skills he honed – researching and writing – in his career. He graduates in May and already has a job offer to do federally-funded research.
Meanwhile, he’s on to his next project: exploring automating Android applications to assist with reverse engineering.