Google identifies Android bug responsible for Bitcoin attack


Earlier this week, the Bitcoin community disclosed an issue with Android-based wallets for the virtual currency, warning users to upgrade to newer versions (or switch to other apps altogether) or risk having their funds stolen. We were quite curious upon hearing this at the time, as the announcement blamed the situation on the way Android generates random numbers, yet we were under the impression that Google had already fixed this bug in Android 4.2. It turns out that wasn’t quite the case, and Google is speaking out to explain what went wrong.

The gist of it is that while the random number generator in the Android Java Cryptography Architecture (JCA) libraries works fine under some circumstances, it needs to be properly initialized (seeded) with some random data of its own, and that isn’t happening by default. When apps don’t bother to take that step themselves, the “random” output can be predicted, leading to exploits like this Bitcoin attack.

Google provides some sample code to developers to guide them towards secure use of the JCA, and will be patching Android going forward to avoid this situation in the future.
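To make the seeding point concrete, here is an added example (not Google's sample code and not from the original article) showing a JCA generator seeded with a guessable value beside one seeded from the kernel entropy pool. It assumes a desktop JVM on Linux with the `SHA1PRNG` algorithm and `/dev/urandom` available; the class name `SeedDemo` and its helper methods are hypothetical.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SeedDemo {
    // Creates a SHA1PRNG generator and seeds it before first use.
    // Seeded this way, its output stream depends only on the seed bytes.
    static byte[] firstOutput(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        rng.setSeed(seed);
        byte[] out = new byte[32];
        rng.nextBytes(out);
        return out;
    }

    // Reads seed material from the kernel entropy pool.
    // Assumption: a Linux-style /dev/urandom device exists.
    static byte[] kernelSeed(int len) throws IOException {
        byte[] seed = new byte[len];
        try (DataInputStream in =
                 new DataInputStream(new FileInputStream("/dev/urandom"))) {
            in.readFully(seed);
        }
        return seed;
    }

    public static void main(String[] args) throws Exception {
        // Weak: a constructed, guessable seed. Anyone who can guess the seed
        // can regenerate every "random" value derived from it.
        byte[] guessable = {0x00, 0x01, 0x02, 0x03};
        boolean weakRepeats = Arrays.equals(
            firstOutput(guessable), firstOutput(guessable.clone()));
        System.out.println("guessable seed, outputs identical: " + weakRepeats);

        // Hardened: each generator gets 32 fresh bytes from the kernel.
        boolean strongRepeats = Arrays.equals(
            firstOutput(kernelSeed(32)), firstOutput(kernelSeed(32)));
        System.out.println("kernel seed, outputs identical: " + strongRepeats);
    }
}
```

The comparison in `main` is the useful check: any key or nonce derived from the first generator is only as secret as its seed.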

Source: Google
Via: The Droid Guy

About The Author
Stephen Schenck
