Google Offers Fixes For Android Flaws Used To Steal Bitcoins

Google has come clean about flaws in Android’s pseudo-random number generator that led to the theft of funds from Bitcoin wallets, and offered a number of fixes and patches.

It emerged earlier this week that Bitcoin wallets using Android’s SecureRandom service were vulnerable, with  several reports of stolen BTC balances.

It is believed Bitcoin apps had signed numerous transactions with the same supposedly random number created by Google’s SecureRandom. Every transaction requires a signature of the private key and a freshly generated random number.

If there is more than one occurrence of the same private key and the same “random” number in this process, this can be exploited to acquire the private key of a user and pretend to be them.

Attackers looked at the blockchain, which records all Bitcoin-based transactions, for such repetitions,  according to security experts. They could then glean private keys of Bitcoin applications.

Where the Android weakness lies…

The weakness lies in the pseudorandom number generator (PRNG) in Android’s Java Cryptography Architecture (JCA), Google has admitted.

Android security engineer Alex Klyubin said apps using this “may not receive cryptographically strong values on Android devices due to improper initialisation of the underlying PRNG”. “Applications that directly invoke the system-provided OpenSSL PRNG without explicit initialisation on Android are also affected,” he added.

According to Symantec, over 320,000 Android apps use SecureRandom in the same way Bitcoin wallets do, meaning that many could be vulnerable.

Google has sent patch information to device manufacturers, meaning if its hardware partners push out updates, users should be protected. There is no information on when they might do that, however.

It has also given developers advice. “Developers who use JCA for key generation, signing or random number generation should update their applications to explicitly initialize the PRNG with entropy from /dev/urandom or /dev/random,” Klyubin added.

“Developers should evaluate whether to regenerate cryptographic keys or other random values previously generated using JCA APIs such as SecureRandom, KeyGenerator, KeyPairGenerator, KeyAgreement, and Signature.”

A host of Bitcoin wallets have now been updated, including Bitcoin Wallet, Bitcoin Spinner, Mycelium Bitcoin Wallet and blockchain.info.

Are you a security expert? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

TSMC Begins 4nm Chip Production In Arizona

TSMC begins production of advanced 4nm chips at Arizona plant as US seeks to bring…

17 hours ago

China Chip Imports Surge Ahead Of New Export Controls

China's semiconductor imports grow by double-digits in 2024 ahead of new US export controls that…

17 hours ago

US Rules Divide World To Conquer China’s AI

New US export controls divide world into three tiers as outgoing administration seeks to cut…

18 hours ago

Apple Board Advises Against Plan To End Diversity Programmes

Apple board advises investors to vote against shareholder proposal to end diversity programmes as Meta,…

18 hours ago

Technology Secretary Calls Online Safety Act ‘Unsatisfactory’

Technology secretary Peter Kyle admits Online Safety Act falls short on protection from social harm,…

19 hours ago

Blue Origin Aborts Test Flight Minutes Before Launch

Jeff Bezos' Blue Origin cancels New Glenn certification flight at last minute due to unspecified…

1 day ago