Android-based Bitcoin wallets upgraded after cryptography flaw and security problems

Last updated on March 17th, 2015 at 11:10 pm

Like Bitcoin Examiner reported three days ago, when the security vulnerability that was affecting Android-based wallets was made public, some cryptocurrency wallets have been updated.

This flaw allowed attackers to steal the virtual currency from users of the Bitcoin Wallet, Blockchain wallet, Mycelium Bitcoin Wallet and BitcoinSpinner. But now the problem has been fixed, as promised in the beginning of the week.

The big problem was caused by an Android component, the Java SecureRandom, which generates random numbers to create private keys. In some cases, the users noticed the numbers were the same and that was compromising the security of the transactions. This could allow an attacker to determine someone’s private key and steal their Bitcoins, something that actually happened: more than 55 BTC were stolen before the users could notice the vulnerability.

At the time, all the Bitcoiners using one of these wallets were advised to rotate their addresses as soon as possible, as well as update their systems.

On Tuesday (13), the security vendor Symantec wrote that the same kind of random number generator vulnerability “was previously used to break the security of other products, such as the PlayStation 3 master key”. Because of this, tens of thousands of other Android applications became vulnerable.


Comments are closed.