Android security flaw opens up Bitcoin wallets to theft

13 August 2013

Bitcoin has warned users a security vulnerability has been found in Android smartphones that could leave any money stored in its virtual wallets open to theft.

The component responsible for generating secure random numbers is the culprit and as the problem lies with the Android operating system itself, meaning anyone will a wallet generated by any Android application will be affected.

In order to rectify the issue, updates have been prepared for several wallet applications, including Bitcoin Wallet, BitcoinSpinner, Mycelium Wallet and blockchain.

Apps that do not control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox are not impacted by it because the private keys are not generated on the Android smartphone.

Affected users have been told "key rotation is necessary" to re-secure existing wallets, meaning users should generate a new address with a repaired random number generator and then send the funds in the wallet back to themselves.

By Gary Cooper

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development