A recently discovered vulnerability in Android places all Bitcoin wallets generated by Android apps at risk, an advisory on the Bitcoin.org website noted on August 11. The vulnerability is being actively exploited, with at least one reported theft of 55 BTC – equivalent to approximately $5,720 as of the morning of August 12 – according to The Genesis Block.
The vulnerability is related to a flaw in the Android Java SecureRandom class, The Genesis Block reported. In a Bitcoin transaction, the sender appends the recipient’s cryptographic public key to the bitcoin’s blockchain and signs the transaction with his or her own private key. Each address has its own private key that is known only to the owner. However, anyone with access to that private key can spend bitcoins from the address. SecureRandom is designed to generate cryptographically strong random numbers for the keys, but developers in the Bitcoin community discovered that the numbers it produces are not truly nondeterministic. As a result, it’s possible to predict the output of the generator and determine the private key of a wallet.
“Android phones/tablets are weak and some signatures have been observed to have colliding R values, allowing the private key to be solved and money to be stolen,” developer Mike Hearn wrote in an email to others in the Bitcoin development community, according to The Genesis Block.
Assessing the impact
All Android wallet apps that generate their own keys – including Bitcoin Wallet, BitcoinSpinner, Mycelium Bitcoin Wallet, blockchain.info and others – are vulnerable, since the flaw is in Android itself. Apps such as Coinbase or Mt Gox, which are exchange frontends that do not let users control the private keys, are not affected, and keys generated on wallet providers’ websites are safe as well. Updates are being released for Bitcoin Wallet, Mycelium Bitcoin Wallet and blockchain.info that help users rotate keys.
“In order to re-secure existing wallets, key rotation is necessary,” Bitcoin.org stated. “This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommend you to upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.”
Users are advised to move quickly to make updates, as the flaw is already being actively exploited in the wild, Ars Technica noted. Given the emphasis on security in the Bitcoin community, avoiding such issues is essential for maintaining trust in the system. Developers working on Android and other operating systems can catch errors before they impact application security by using tools such as static analysis software. With automated review during the development process, it is possible to locate security issues and ensure uses of flawed code classes are eliminated.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.