What are your thoughts about BitCoin – “a new form of money that uses cryptography to control its creation and transactions, rather than relying on central authorities”?
Well, watch out with your BitCoin wallet on Android. T3 is among those reporting a warning from BitCoin developers about an Android security vulnerability.
They wrote, yesterday:
We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet. Apps where you don’t control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone.
Updates are being prepared for the following wallet apps, they write:
- Bitcoin Wallet: Update has been prepared and is in beta testing now. Learn more.
- BitcoinSpinner: Update is being prepared.
- Mycelium Wallet: Update v0.6.5 can be installed from Google Play or mycelium.com.
- blockchain.info: Update is being prepared.
What are users of the wallets being advised to do? The answer is “key rotation”. Apparently, this involves “generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself.”
Read the full BitCoin blog post »
See also: Naked Security (Sophos) - Android random number flaw implicated in Bitcoin thefts
