Developers find Android flaw that makes bitcoin wallets vulnerable to theft
Android wallet users were sent into a panic over the weekend, after Google discovered a flaw in its mobile operating system that rendered generated bitcoin addresses unsafe. According to Mike Hearn, the forum contributor who reported the bug, the way in which random numbers are generated in Android is flawed. Random numbers are used along with a private key to sign a transaction when sending from a bitcoin address. The flaw means that any random number used more than once with the same public bitcoin address enables that address to be compromised. This problem will affect any Android-based....
Related News
A critical security vulnerability has been found in Android which renders bitcoins stored in Android Bitcoin wallets vulnerable to theft, and the exploit is currently being used in the wild to steal people's bitcoins. Several people have reported that their Android wallets were cleared out and the funds sent to 1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj, an address which currently contains 55.8 BTC. Because the bug is a flaw in Android itself, all Android Bitcoin wallets are vulnerable. Bitcoin Wallet for Android, Bitcoin Spinner, the mobile version of blockchain.info and Mycelium Wallet are all....
Google has released an advisory to developers on how to deal with the recently discovered flaw in Android that led to the theft of thousands of dollars in bitcoin from mobile app wallets. The [then] potential flaw was first reported on the Bitcoin forum, where it was reported that over 55 BTC had been stolen from multiple users to the same bitcoin address. The forum user also reported that the (software) clients that had been stolen from had signed the transaction messages with the same random number. This in turn led some to believe that Android's pseudo random number generator (PRNG) was....
It is no secret how mobile Android devices are vulnerable to a wide range of attacks, which could have drastic consequences for consumers. Especially when it comes to financial details being leaked, these Android vulnerabilities will need to be addressed sooner rather than later. Accessibility clickjacking is one of the more recent forms of malware putting over 500 million devices – and Bitcoin users around the world – at risk. Accessibility Clickjacking is A Major Risk On Android. Earlier this month, security researchers unveiled more details on a new type of malware that is putting....
Another bug has been discovered in a bitcoin wallet, leading to the theft of around 50 bitcoins. This time, Blockchain.info's web wallet was at fault, and the company is now offering refunds to users who lost bitcoins due to the flaw. The popular Blockchain website primarily offers market data and serves as the main block chain explorer for the bitcoin currency. However, users can also create web-based wallets to send and receive bitcoins. The bug lies in the random number generator that the web wallet uses to sign bitcoin transactions. The random numbers are generated in web browsers....
Researchers from Tel Aviv University’s Laboratory for Experimental Information Security (LEISec) and The University of Adelaide have created an attack vector against Android and iOS devices. The invasion uses a $2 USD magnetic device to crack private keys held on these operating systems allowing the possible theft of users’ bitcoins and private data. The....