What happened

We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet. Apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone.

What is being done

Updates are being prepared for the following wallet apps:

What you should do

In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommend that you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.

If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.

Bitcoin wallets created on an Android device are not secure due to a fault in the random number generator for making keys. This requires immediate attention if you are one of the many people enjoying the benefits of using this digital currency. The best suggestion is that, once updates have been pushed out, you create a new secure wallet and transfer your coins to it. Some of the apps will automatically rotate the wallets, but not all.

More information can be found here.

http://bitcoin.org/en/alert/2013-08-11-android

You keep using that word. I do not think it means what you think it means.
Users cannot, and will not, securely manage key material. Most users can't, and the ones that can, won't.

Ask me about Bitcoin, Litecoin, Crypto-Currencies, and/or Mining them.
