Menu
Bitcoin wallets upgraded after Android cryptography problem

Bitcoin wallets upgraded after Android cryptography problem

Symantec found that tens of thousands of other applications that use the Android component may be affected

Several Bitcoin wallet applications have been upgraded following a serious cryptography problem in Android that could allow attackers to steal the virtual currency.

Four Android Bitcoin clients -- Bitcoin Wallet, Blockchain, Mycelium Bitcoin Wallet and BitcoinSpinner -- have been fixed, according to an updated notice on Bitcoin.org.

The problem affects Bitcoin applications that rely on an Android component, the Java SecureRandom class, that generates random numbers. Those numbers are used to create transaction signatures that are recorded in the blockchain, which is the public ledger of Bitcoin transfers.

In some cases, the supposedly random numbers were the same for different transactions, which could allow an attacker to determine someone's private key and steal their bitcoins.

Users who may be affected by the problem need to create new private keys for their bitcoins. That can be accomplished by assigning funds to new bitcoin addresses which have been generated by applications that have been patched or ones not affected by the SecureRandom issue.

"This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself," the Bitcoin.org notice said. "Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one."

Security vendor Symantec wrote on Tuesday that the same kind of random number generator vulnerability "was previously used to break the security of other products, such as the PlayStation 3 master key."

Tens of thousands of other Android applications may be vulnerable, Symantec wrote. The company found more than 360,000 applications that use the SecureRandom class in the same way as the affected Bitcoin applications.

Symantec noted that applications running on Android version 4.2 and up may not be affected since SecureRandom was changed in that version of the mobile OS.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags Googlesecuritymobile securityencryption

Featured

Slideshows

HP channel recognised at 2017 Partner Awards

HP channel recognised at 2017 Partner Awards

The HP Partner Awards 2017 at Shed 10 kicked off with an AMD-sponsored hackers lounge, a mysterious gaming style area filled with dry ice and red lasers, the waiters wearing Mr Robot style masks.

HP channel recognised at 2017 Partner Awards
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments