Posted 08/12/2013 at 2:50 PM
Posted 4 years ago
Bitcoin is an online currency still finding its feet in the digital world, and while problems are likely to arise here and there, an issue that leaves wallets vulnerable to theft is a PR-disaster. Unfortunately for the cryptocurrency, it has emerged that a weakness in the way that Android generates random secure numbers has resulted in users’ accounts being open to the growing army of opportunist cyber- pickpockets.
Most Bitcoin apps use the Java SecureRandom class system to create wallet IDs and developers at Bitcoin.org have issued a warning to all Android users that all wallets should be upgraded to new ones once they become available. An official alert was issued on the Bitcoin website and the company said that Android Bitcoin wallets such as Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet would be generating updates.
“Android SecureRandom class has multiple severe bugs that render it useless for cryptographic purposes,” said a description of the flaw by Bitcoin Wallet.
Keys that are generated away from Android but used on the operating system are not at risk from potential attack, nor are apps where users do not control the private keys; however, anyone with a Bitcoin wallet key generated on an Android device, even if it is no longer used on the OS, is vulnerable.
Users are urged to take action immediately and protect their money from the flaw after the update. Everyone is required to create a new wallet ID and send all of their Bitcoins to the new address before getting rid of the old wallet.
No technical details of the problem have been released, nor do we know how serious the problem is. However, as with any potential vulnerability, it’s always better to be safe than sorry.