Oops, we left your wallets open

$5,720 worth of Bitcoins stolen using Android security flaw

Elliot Bentley

Google engineers warn devs to avoid JCA after “random” number generator produces duplicates.

Android engineers have admitted the existence of a bug that led to
the theft of $5,720 worth of bitcoins last week.

An incorrect implementation of the Java Cryptography Architecture
framework has been present in Android since its inception, but only
came to light last week after a string of thefts exploiting the
error. Approximately 55 BTC, as the notoriously unstable
cryptographic currency is known, were stolen from various Android
users.

The JCA is used by many Android apps to produce Bitcoin private
keys, which serve as randomly-generated passwords for Bitcoin
wallets. However, under certain conditions it would sometimes
produce the same number twice, which could allow an attacker to
guess victims’ keys. This vulnerability was generally unknown until
the thefts began, and initially some speculated that it was an
error on the Bitcoin developers’ part.

However, Android engineers finally owned up to the flaw yesterday
in a blog post titled “Some SecureRandom Thoughts”:

We have now determined that applications which use the Java
Cryptography Architecture (JCA) for key generation, signing, or
random number generation may not receive cryptographically strong
values on Android devices due to improper initialization of the
underlying PRNG. Applications that directly invoke the
system-provided OpenSSL PRNG without explicit initialization on
Android are also affected. Applications that establish TLS/SSL
connections using the HttpClient and java.net classes are not
affected as those classes do seed the OpenSSL PRNG with values from
/dev/urandom.

In the short term, Android engineers recommend that developers
“evaluate” keys generated by JCA APIs such as SecureRandom,
KeyGenerator, KeyPairGenerator, KeyAgreement, and Signature, and
replace any use of JCA with the PRNG in /dev/random directly (the
blog post includes a suggested implementation). Firmware patches
have already been developed and passed on to other device
manufacturers, they said.
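
As an added illustration of that short-term recommendation (not the code from the Android blog post or from any wallet project), here is a SecureRandom engine that takes every byte from the kernel device instead of a user-space PRNG. The class names, the provider name "KernelRandom" and the algorithm name "KERNEL" are made up for this example, and it reads /dev/urandom, the device the quoted post names as the seed source.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.SecureRandomSpi;
import java.util.Arrays;

public class KernelRandomDemo {
    // Assumption: /dev/urandom, the device the quoted post names as the seed source.
    static final String DEVICE = "/dev/urandom";

    /** SecureRandom engine whose output comes only from the kernel device. */
    public static final class KernelRandomSpi extends SecureRandomSpi {
        @Override protected void engineSetSeed(byte[] seed) {
            // Deliberately ignored: a caller-supplied seed must never replace kernel entropy.
        }
        @Override protected void engineNextBytes(byte[] out) {
            try (DataInputStream in = new DataInputStream(new FileInputStream(DEVICE))) {
                in.readFully(out); // fail rather than hand back a partially filled buffer
            } catch (IOException e) {
                throw new SecurityException("cannot read " + DEVICE, e);
            }
        }
        @Override protected byte[] engineGenerateSeed(int n) {
            byte[] seed = new byte[n];
            engineNextBytes(seed);
            return seed;
        }
    }

    /** Hypothetical provider that registers the engine under the made-up name "KERNEL". */
    public static final class KernelRandomProvider extends Provider {
        public KernelRandomProvider() {
            super("KernelRandom", 1.0, "SecureRandom backed by " + DEVICE);
            put("SecureRandom.KERNEL", KernelRandomSpi.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = SecureRandom.getInstance("KERNEL", new KernelRandomProvider());
        byte[] a = new byte[32], b = new byte[32]; // two 256-bit values, the size of a Bitcoin private key
        rng.nextBytes(a);
        rng.nextBytes(b);
        // A repeated 256-bit value is the failure described above; treat it as fatal.
        if (Arrays.equals(a, b)) throw new IllegalStateException("duplicate 256-bit output");
        System.out.println("drew two distinct 32-byte values from " + DEVICE);
    }
}
```

Passing the provider explicitly to SecureRandom.getInstance keeps key generation from silently falling back to the platform's default engine.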

Bitcoin users, meanwhile, are recommended to update their wallet
app, which should then provide a guide to generate new keys.
Unfortunately, as is the nature of decentralised currencies like
Bitcoin, those who have already lost money won’t be seeing any of
it back.

Photo by Casascius.
