A flaw in the way Android generates “random” numbers has made many Bitcoin wallets hosted on Android smartphones insecure, Bitcoin developers have said.
On Sunday Bitcoin.org, which is maintained by the crypto-currency’s community, warned that any wallet generated by an Android app was vulnerable to theft. Apps such as Bitcoin Wallet and Mycelium Wallet were affected and are currently being updated. The problem was flagged up by Google security engineer Mike Hearn.
Quick cryptography primer: so-called public key cryptography (also the basis for end-to-end email security) involves paired public and private keys, with the public key being the one you show someone else so they can send you an encrypted message, and the private key being the one you hang onto in order to decode what is sent.
Bitcoin uses a similar system. To generate an “address” so someone else can send you bitcoins, a random number is used to create a public/private key pair via algorithm. The public key is then transmogrified by further operations into a recognizable Bitcoin address (starting with a 1 or 3), and the private key makes it possible to use funds held at that address.
Addresses and their associated private keys are generally stored in software “wallets”. Some people use hosted wallet services such as Coinbase, while others choose to keep their wallets on their desktop computers or phones. The people potentially affected in this case would be those who use a wallet app on their Android smartphones to generate and use their Bitcoin addresses and the associated private keys.
The problem lies in the Android’s built-in pseudorandom number generator, the SecureRandom Java class. (Proper hardware random number generators are slow and expensive specialist components.) It turns out this generator has a bug that causes it to sometimes issue the same number twice – which makes it possible to work backwards to figure out the private key.
If you know what someone’s private key is, you can get effectively into their wallet. This is not a theoretical hazard: some Bitcoin users have recently reported small thefts that were enabled by the earlier reuse of a supposedly random number.
The advice for users of Android Bitcoin wallet apps is to download the latest version (which should use a different pseudorandom number generator), generate a new Bitcoin address, send all personal funds to that address, and let contacts know what the new address is.