back to article Android bug batters Bitcoin wallets

Users of Android Bitcoin apps have woken to the unpleasant news that an old pseudo random number generation bug has been exploited to steal balances from users' wallets. The Bitcoin Foundation's announcement, here, merely states that an unspecified component of Android “responsible for generating secure random numbers contains …

COMMENTS

This topic is closed for new posts.
Silver badge

Has it been used to steal Bitcoin balances or is this a vulnerability and possibility?

0
0

Looks like this is out there in the wild, and probably fairly scriptable I'd guess. See https://bitcointalk.org/index.php?topic=271486.0 for claims of around 55 BTC being stolen so far.

0
0
Silver badge

virtual risks

Interesting that this class of risk is far heavier for distributed and noncentralised currencies than even visa and mastercard ones where transactions can be reversed. I guess you have to really trust whoever wrote your wallet app, mind you they would only be able to steal some numbers...

0
0
Bronze badge

Re: virtual risks

Some numbers that are currently worth $104 per BTC

2
0
Silver badge

Re: virtual risks

^^^ Yes indeed, to other number collectors. Worth fuckall to most people.

1
2

I was the one who flagged the vulnerability in SecureRandom to Mike Hearn in private before someone figured out that it caused a k colission (due to a post that I placed in the Bitcoin Forums) and he was forced to go public with it all this weekend. You may ask him.

1
0
Anonymous Coward

Use the camera to generate a seed.

0
0

I wouldn't use the camera, but a phone has many sources for entropy, including some (accelerometer, touch screen, antennae, etc.) not found on a desktop or laptop. Kind of shocked that a function called SecureRandom is actually neither.

3
0
Bronze badge
Joke

Who's Johnny?

Use the camera to generate a seed.

Is that William Gibson?

0
0
This topic is closed for new posts.

Forums