Android’s Bitcoin-wallet-busting security bug gets patched

Google’s Android security team has issued a patch for the mobile operating system’s built-in pseudorandom number generator (PRNG), after problems with the feature led to some Bitcoin users having a small amount of money stolen.

The bug in Android’s Java-derived PRNG made it sometimes issue the same “random” number twice, which (under certain circumstances) made it possible to figure out the private keys of Bitcoin wallets that were generated and stored on Android devices. This in turn allowed hackers to gain access to these wallets and steal funds totalling around $ 5,700.

In a blog post on Wednesday, Android security engineer Alex Klyubin wrote that the problem affected apps that use the Java Cryptography Architecture (JCA) without properly initializing the underlying PRNG, and apps that use Android’s OpenSSL PRNG without “explicit initialization”.

He said the Android team had issued patches to Google’s phone-manufacturing Open Handset Alliance (OHA) partners that fix the latter problem. He also included a suggested implementation for fixing the former problem.

Security house Symantec has estimated that hundreds of thousands of apps may have been affected by the bugs. That said, the case of the Bitcoin wallets was unusual in that details of the apps’ transactions get published in public (you can find a brief Bitcoin primer here), which made it much easier for miscreants to figure out private keys. In most cases, the PRNG’s failure to generate properly random numbers would have made apps less secure, but not quite as dangerous.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

  • Bluetooth to Feel Blue as Personal Area Network Battles Loom
  • Survey: How apps can solve photo management
  • Analyzing the wearable computing market


GigaOM