Google confirms Android flaw that led to Bitcoin theft

While the tech giant explains the cause of the vulnerability that left Bitcoin digital wallets susceptible, Symantec researchers warn that hundreds of thousands of apps are at risk of similar attacks.

Dara Kerr

Google has confirmed a flaw in Android's operating system, which could make Bitcoin digital wallets vulnerable to theft.

Android security engineer Alex Klyubin penned a blog post on Wednesday outlining the root cause of the vulnerability.

"We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG," Klyubin wrote. "Applications that directly invoke the system-provided OpenSSL PRNG without explicit initialization on Android are also affected."

The flaw was discovered on Sunday by Bitcoin developers. The vulnerability apparently lies in Android's pseudorandom number generator (PRNG), the component that produces secure random numbers. Because the problem is rooted in the operating system, every Bitcoin digital wallet generated by an Android app can be affected by the weakness.

According to Ars Technica, this flaw led to the theft of roughly $5,720 worth of Bitcoins last week. Symantec researchers also warned Tuesday that as many as 360,000 other apps could be vulnerable to similar attacks because they use Android's SecureRandom class.

"Certain bitcoin wallets applications using Android's SecureRandom signed multiple transactions using an identical 'random' number," Symantec wrote in a blog post. "Since transactions are public on the bitcoin network, attackers scanned the transaction block chain looking for these particular transactions to retrieve the private key and transfer funds from the bitcoin wallet without the owner's consent."
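The condition Symantec describes is visible in the signatures themselves: in ECDSA, the `r` half of a signature depends only on the per-signature random number, so two signatures from one key with the same `r` mean that number was repeated. The following added example (not code from Google, Symantec or any wallet project) shows how a wallet developer could audit signatures their app has produced; the record layout, key labels and sample signatures are constructed for illustration, and each signature is assumed to be the bare DER encoding.

```python
from collections import defaultdict

def parse_der_sig(sig: bytes) -> tuple[int, int]:
    """Parse DER SEQUENCE { INTEGER r, INTEGER s } with short-form lengths."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the expected length")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER tag")
        n = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + n]
        if n == 0 or n > 0x7F or len(body) != n:
            raise ValueError("bad INTEGER length")
        values.append(int.from_bytes(body, "big"))  # leading 0x00 pad is harmless
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return values[0], values[1]

def find_reused_nonces(records):
    """Return {(pubkey, r): [txids]} where one key produced the same r
    with different s values, i.e. the random number was repeated."""
    groups = defaultdict(dict)  # (pubkey, r) -> {s: first txid seen}
    for pubkey, txid, sig_hex in records:
        r, s = parse_der_sig(bytes.fromhex(sig_hex))
        # An identical (r, s) pair is the same signature seen twice, not reuse.
        groups[(pubkey, r)].setdefault(s, txid)
    return {k: sorted(v.values()) for k, v in groups.items() if len(v) > 1}

# Constructed sample records: (key label, transaction label, DER signature hex).
# Values are deliberately tiny and are not real keys or transactions.
SAMPLE = [
    ("key1", "tx-a", "300c020411223344020455667788"),
    ("key1", "tx-b", "300c02041122334402040a0b0c0d"),    # same r as tx-a
    ("key1", "tx-c", "300d020500a1b2c3d4020401020304"),  # different r
    ("key1", "tx-a", "300c020411223344020455667788"),    # duplicate record
    ("key2", "tx-d", "300c020411223344020401010101"),    # other key, no reuse
]

if __name__ == "__main__":
    for (pubkey, r), txids in find_reused_nonces(SAMPLE).items():
        print(f"{pubkey}: r={r:#x} repeated in {txids}; regenerate this key")
```

Any key the check flags should be treated as exposed and replaced.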

Android engineer Klyubin recommends that developers who use JCA for key generation should update their apps to initialize the PRNG with different code; they should also look into regenerating cryptographic keys. In the meantime, Klyubin said that Android has created patches that ensure Android's OpenSSL PRNG is initialized correctly.

(Via Ars Technica.)