Do any of you own any bitcoins? Fractions of a bitcoin? We’d love to know if you do, and issue you a lovely little warning: if you’re holding any bitcoins on an Android phone or tablet, you may want to store your stash elsewhere. Because of a bug in the way Android generates random numbers, those who use Android devices are at risk of digital theft, according to Bitcoin.org.
Updated on 8-15-2013 by Jeffrey Van Camp: Alex Klyubin, a Google Security Engineer on the Android team has acknowledged that this is a legitimate flaw in Android. The problem, as often seems to be the case, is Java.”Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG,” said Klyubin. Translated out of geek speak, that means that Android is, as we thought, not generating random numbers correctly.
You can find some patch code from Google on its official Android blog. We’ve also updated the links below because patches for all wallets have now been issued.
Article originally published on 8-12-2013.
How to know if you’re affected: There appears to be a flaw in Google’s Android operating system, making it impossible for the OS to generate “secure random numbers,” which are needed to encrypt Bitcoin transactions.. This affects those who use Bitcoin wallet apps like Bitcoin Wallet, Blockchain.info, BitcoinSpinner, and Mycelium Wallet. Some apps, like Coinbase and Mt Gox are still secure because they don’t rely on the Android OS to generate their numbers. Every one of these apps now has a patch available to fix this vulnerability, which you can find here: Mycelium Wallet patch, Bitcoin Wallet patch, BitcoinSpinner patch, Blockchain.info patch.
How to to re-secure your wallet: To protect yourself, Bitcoin.org recommends you do a “key rotation” to your bitcoins. Download the fix for your Wallet app in the Google Play Store as soon as it’s available, generate a new address with the repaired random number generator, and then send your bitcoins from yourself to yourself. If anyone has “stored addresses” from your device previous to the fix, you need to contact them and give them a new one. You ca also send your bitcoins to your computer until you fix up your Android wallet.
We’re hoping those of you with actual bitcoins will understand that process better than we do. Currently, we’re bitcoin broke, so we cannot test this fix.
If you own any bitcoins, let us know below. Have you purchased anything with them? Why do you like or dislike the platform? We’re a “bit” curious.
Related Posts
OnePlus 15T leak spills details on a curious camera situation
According to the Chinese tipster Digital Chat Station (via Weibo), a "small-screen phone powered by the Snapdragon 8E5 is ready," translated from simplified Chinese. This phone, believed to be the OnePlus 15T, could feature a dual-camera setup "with a 50MP main sensor and a 50MP telephoto lens."
WhatsApp has begun testing a long-overdue group chat feature
The Meta-owned messaging platform is testing a new feature called "group chat history sharing" (via a WABetaInfo report). As the name suggests, the feature lets a WhatsApp user (likely the admin) share the chat history (up to 100 messages sent within 14 days) with someone while adding them to a group.
Google Photos introduces a fun new way to turn yourself into a meme
According to a recent post on Google's support forums, Me Meme is a generative AI feature that lets you star in trending memes using a template and a photo of yourself. It's rolling out in Google Photos for Android in the US, and you can try it out by tapping the "Create" button and selecting the new "Me meme" option.