UPDATED 14:39 EDT / OCTOBER 22 2018


APIs are leaving crypto door ajar to burglars, says white-hat hacker

White-hat bounty hunters put enterprises’ cybersecurity systems to the test for pay. Their clients figure it’s preferable to pay a skilled hacker a reasonable fee to point out vulnerabilities than wait for a black hat to rob them blind.

These pros are now putting cryptocurrency exchanges and initial coin offerings to the test — and their grades are nothing to boast about, according to Anand Prakash, founder of AppSecure India Pvt Ltd.

Prakash spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the recent HoshoCon event in Las Vegas. They discussed the need for greater security in the expanding crypto market.

Cryptosecurity needs kick in the pants

Prakash has a reputation as one of the most talented white-hat bounty hunters around. He has hacked Facebook, Twitter, Uber and other services. With cryptocurrency hacks becoming the modern-day bank robbery, it was clear to Prakash that crypto businesses needed to take a hard look at their security checks. So he began hacking ICOs and crypto exchanges — and all were surprised at how easy it was.

“They thought putting up a two-factor authentication or something like that makes their account secure,” he said. This is not the case at all. Prakash was easily able to hack through their application programming interfaces. In fact, APIs and URLs are two access points now quite popular with hackers — and many companies are not properly securing them, according to Prakash.

“We don’t need a big, high-end machine to hack into services,” Prakash said.

Most of the cryptocurrency exchanges he has hacked lacked basic security checks. “They have a password screen on the [user interface], but I can simply hit the API, and with no authentication or authorization, I can just log in to anyone’s account. And then I can get funds out of their system.” With tokens, he has also obtained users’ personally identifiable information.

Prakash recommends crypto businesses get busy cleaning house and securing their API entry points and other vulnerabilities.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of HoshoCon 2018:
