Android Flaw Could Empty Bitcoin Wallets
Aug 12, 2013 3:31 PM PT
Android device owners who use Bitcoins may have their digital currency stolen because of a security flaw in Android, the Bitcoin Foundation has warned.
The problem may lie in Android's implementation of the java.security.SecureRandom application programming interface in Java.
It was first publicized by Nils Schneider in January.
The flaw is "the same vulnerability used to hack the PlayStation 3," Schneider told TechNewsWorld.
However, Schneider "found a transaction generated by a prototype hardware wallet, not an Android phone, and demonstrated the maths needed to find a private key given a colliding signature," Bitcoin developer Mike Hearn countered.
"There was no indication that Android had the same problem and Nils did not suggest it did," he added. [*Editor's Note - Aug. 13, 2013]
"This is a serious issue," remarked Michela Menting, a cybersecurity senior analyst at ABI Research. "The vulnerability lies in the underlying mobile OS, meaning all wallets are intrinsically flawed."
Users should be diligent about knowing who they are doing business with, never provide too much information, and always check their accounts, said Jim McGregor, principal analyst at Tirias Research.
Bitcoin wallet updates that let users generate new secure keys are available now at the Google Play store, Hearn told TechNewsWorld. The store will notify users and those who opted in will get updated automatically.
Google did not respond to our request to comment for this story.
More About the Flaw
To understand the threat posed by the flaw, you first have to understand what Bitcoin is and how it works.
Bitcoin is an implementation of crypto-currency, which uses cryptography to create and control transactions in a digital currency. It is based on an open source cryptographic protocol.
A user can have one or more Bitcoin addresses from which Bitcoins are sent or received, over a website or a digital wallet. That address is a cryptographic public key roughly 33 keys long. The matching key is stored in a digital wallet or mobile device. Each Bitcoin transaction is signed by the private key of the user initiating the transaction.
Bitcoin's cryptographic process is based on the elliptic curve digital signature algorithm, which requires a random number for each signature. If a random number is used twice with a particular private key, it can be recovered and used by cybercriminals.
The Android vulnerability renders all wallets generated by any Android app vulnerable to theft because it occasionally generates duplicate numbers.
Bitcoin itself is secure, and while various Bitcoin exchanges have been hacked and looted, the problem is with security on their end and not with Bitcoin.
The Bitcoin Foundation did not respond to our request for further details.
Technical Details of the Flaw
The java.security.SecureRandom API is designed to generate cryptographically secure random numbers, but its output can become predictable if it is not implemented properly, Cigital has found.
Implementations of the java.security.SecureRandom API that bypass the internal secure seeding mechanism may compromise the security of the pseudo random number generator output. Further, the PRNG should be reseeded from time to time, either by replacing the existing SecureRandom instance or by adding new random material to the PRNG seed.
Possible Threats to Android Users
"Once a hole is found, hackers will make every attempt to exploit in other, often unforeseen, ways," Tirias' McGregor told TechNewsWorld. "This is not just a Bitcoin problem -- it is a potential general security problem."
Because the flaw lies with the implementation of the java.security.SecureRandom API, "it is up to the developer to ensure that the code and access to the cryptography service used are correct," McGregor continued.
The Bitcoin Foundation suggests Android Bitcoin wallet users update their wallet apps. They should also generate a new address with a repaired random number generator and send all the money in their wallets back to themselves. They should then contact anyone who has stored addresses generated by their mobile device and give them the new address.
The Bigger Picture
The Android flaw "further highlights the problem of the generation of secure keys," ABI's Menting told TechNewsWorld. "If Android is flawed, which other system, whether software or Web wallets, is as well?"
Without some standard or regulation, or possibly oversight as to the generation of private keys, it is likely that other systems could be potentially compromised, Menting noted.
"Possibly the only saving grace at the moment," she said, "is that the use of Bitcoins and mobile wallets is nowhere near mass consumption."
*ECT News Network editor's note - Aug. 13, 2013: Our original published version of this story neglected to include Bitcoin developer Mike Hearn's contributions to the discussion.