Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Viruses & Malware
DDoS Protection Powered By Verisign
Average Rating:
Rate this article:  
New Money, New Headache: Bitcoin Finds Android Flaw

New Money, New Headache: Bitcoin Finds Android Flaw
By Nancy Owano

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

The good news is that those in charge of wallet apps know about this vulnerability and are preparing updates. Bitcoin Wallet and Mycelium Wallet have already made updates, available through the Google Play Store. Those with Android wallets are advised to check out the latest versions in the Play Store as soon as they are available.
 


Watch your wallets. That was the bracing news for Bitcoin users with Android devices making use of Android Bitcoin apps. On Sunday, developers at Bitcoin.org announced that Bitcoin wallets on Android apps were at risk of theft.

Bitcoin is the virtual currency gaining widespread interest as a "new kind of money" with digital coins you can send over the Internet without going through a bank or clearing house.

According to the Sunday posting, the current problem is not with Bitcoin; it is with the Android operating system. The warning pertains to Bitcoin users with wallets generated by Android apps.

Digital wallets store Bitcoin addresses, which are cryptographic keys, from which Bitcoins are received or sent. The keys can be generated and managed by local apps or by online services.

What They Found

"We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses," according to the August 11 Bitcoin post. Though the list is incomplete, the examples of such apps included Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.

Users of some apps including coin exchanges Coinbase and Mt Gox, can breath easier because the private keys for those apps are not generated on Android devices, the Bitcoin developers said.

However, any affected user was advised to generate a new address with a repaired random number generator. On another site, the Bitcoin Developers' Mailing List, Mike Hearn, Google security engineer, went into more detail.

Hearn said, "The Android implementation of the Java SecureRandom class contains multiple severe vulnerabilities. As a result all private keys generated on Android phones/tablets are weak and some signatures have been observed to have colliding R values, allowing the private key to be solved and money to be stolen."

Status of Updates

The good news is that those in charge of wallet apps know about this vulnerability and are preparing updates. Bitcoin Wallet and Mycelium Wallet have already made updates, available through the Google Play Store. Other firms are preparing updates now. Those with Android wallets are advised to check out the latest versions in the Play Store as soon as they are available.

Meanwhile, the Bitcoin developers issued this advice: "In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself."

Once your wallet is rotated, they added, you need to contact anyone with stored addresses generated by your phone and provide the new one. "If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade," they said. "The old addresses will be marked as insecure in your address book. You will need to make a fresh backup."

Cheers and Fears

The Bitcoin Foundation was created in September 2012 to protect and promote Bitcoin. According to Bitcoin, new users join Bitcoin every day. The total value of all Bitcoins in circulation exceeds $1.3 billion.

Nonetheless, not everyone loves Bitcoin or approves of its degree of anonymity. Earlier this year, the European Central Bank warned that money launderers and drug dealers might latch on to Bitcoin as a way of evading the law. Bitcoin is not engaged in criminal activity, but the fear is that criminals will take to Bitcoin for money laundering.

In the U.S., regulators are reviewing Bitcoin practices; American authorities have raised concerns that virtual-currency companies weren't complying with money-transmission laws. In March, the U.S Department of the Treasury said money laundering rules that apply to traditional currency should also apply to virtual currency.
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Viruses & Malware
1.   9 Norton Security Products Are Now 1
2.   Data Stolen from U.S. Health Network
3.   Beware Facebook Color Scam
4.   Kaspersky Looks Inside 'Epic' Attack
5.   BadUSB Turns Thumb Drives Evil


advertisement
Android 'Fake ID' Puts Millions at Risk
Users: stick to apps from Google Play.
Average Rating:
Data Stolen from U.S. Health Network
Chinese hackers targeted hospital firm.
Average Rating:
9 Norton Security Products Are Now 1
Symantec takes software-as-service tack.
Average Rating:


advertisement


 Random Bytes
Data Stolen from U.S. Health Network 9 Norton Security Products Are Now 1
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
UPS Stores in 24 States Hit by Data Breach
Big Brown has been breached. UPS said that about 105,000 customer transactions at 51 of its UPS Store locations in 24 states could have been compromised between January and August.
 
Cost of Target Data Breach: $148 Million Plus Loss of Trust
The now infamous Target data breach is still costing the company -- and its shareholders -- plenty. In fact, the retailing giant forecast the December 2013 incident cost shareholders $148 million.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 

Enterprise Hardware Spotlight
Acer's New Desktop Box Rides the Chrome OS Wave
Filling out its Chrome OS line, Acer is following the introduction of a larger Chromebook line earlier this month with a new tiny $180 desktop Chromebox and also a smaller Chromebook.
 
Three New Lenovo PCs Aimed at Business Users
Businesses everywhere want computing solutions that do more for less money, and Lenovo has unveiled three new desktop PCs that offer solid computing at a budget-minded price.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 

Mobile Technology Spotlight
Google Glass Adds Voice Access to Phone Contacts
The latest update to Google Glass will let users access their top 20 phone contacts with voice commands alone. A user can then choose a phone call, Google hangouts, e-mail or text messaging.
 
Samsung, B&N Target Amazon with Nook Tablet
They've seen the enemy and it is Amazon. So Samsung and Barnes & Noble are teaming up to combat their common foe with a 7-inch tablet that blends Samsung’s tech, Nook’s content and e-reader platform.
 
Acer's New Desktop Box Rides the Chrome OS Wave
Filling out its Chrome OS line, Acer is following the introduction of a larger Chromebook line earlier this month with a new tiny $180 desktop Chromebox and also a smaller Chromebook.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.