Oops, we left your wallets open

$5,720 worth of Bitcoins stolen using Android security flaw

Elliot Bentley

Google engineers warn devs to avoid JCA after “random” number generator produces duplicates.

Android engineers have admitted the existence of a bug that led to the theft of $5,720 worth of bitcoins last week.

An incorrect implementation of the Java Cryptography Architecture framework has been present in Android since its inception, but only came to light last week after a string of thefts exploiting the error. Approximately 55 BTC, as the notoriously unstable cryptographic currency is known, were stolen from various Android users.

The JCA is used by many Android apps to produce Bitcoin private keys, which serve as randomly-generated passwords for Bitcoin wallets. However, under certain conditions it would sometimes produce the same number twice, which could allow an attacker to guess victims’ keys. This vulnerability was generally unknown until the thefts began, and initially some speculated that it was an error on the Bitcoin developers’ part.

However, Android engineers finally owned up to the flaw yesterday in a blog post titled “Some SecureRandom Thoughts”:

We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG. Applications that directly invoke the system-provided OpenSSL PRNG without explicit initialization on Android are also affected. Applications that establish TLS/SSL connections using the HttpClient and classes are not affected as those classes do seed the OpenSSL PRNG with values from /dev/urandom.

In the short term, Android engineers recommend that developers “evaluate” keys generated by JCA APIs such as SecureRandom, KeyGenerator, KeyPairGenerator, KeyAgreement, and Signature, and replace any use of JCA with the PRNG in /dev/random directly (the blog post includes a suggested implementation). Firmware patches have already been developed and passed on to other device manufacturers, they said.
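A sketch of that short-term advice, added here as an illustration and not the implementation from the Android blog post: it draws key material straight from the kernel PRNG and audits recorded random values for the repeats described above. The class and method names are hypothetical, and it reads /dev/urandom, the device named in the quoted post.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class KernelRandomExample {  // hypothetical name, not from the blog post
    // Reads exactly n bytes from the kernel PRNG. Fails closed: if the device
    // cannot be read, it throws rather than falling back to a weaker source.
    static byte[] kernelRandom(int n) {
        byte[] out = new byte[n];
        try (DataInputStream in = new DataInputStream(new FileInputStream("/dev/urandom"))) {
            in.readFully(out);  // keeps reading until all n bytes arrive
        } catch (IOException e) {
            throw new SecurityException("cannot read /dev/urandom", e);
        }
        return out;
    }

    // "Evaluate" step: returns the index of every value that repeats an earlier
    // one. Any hit means the generator behind those values cannot be trusted.
    static List<Integer> findRepeats(List<byte[]> values) {
        Set<String> seen = new HashSet<>();
        List<Integer> repeats = new ArrayList<>();
        for (int i = 0; i < values.size(); i++) {
            if (!seen.add(hex(values.get(i)))) repeats.add(i);
        }
        return repeats;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) {
        List<byte[]> sample = new ArrayList<>();
        for (int i = 0; i < 1000; i++) sample.add(kernelRandom(32));
        System.out.println("repeats from /dev/urandom: " + findRepeats(sample));
        // Constructed failure case: replay the first value, as a badly
        // initialized PRNG would, and confirm the audit flags it.
        sample.add(sample.get(0).clone());
        System.out.println("repeats after replaying a value: " + findRepeats(sample));
    }
}
```

A clean audit only shows that no value repeated in the sample; it does not prove the values were unpredictable, so keys created on an affected device should still be regenerated.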

Bitcoin users, meanwhile, are recommended to update their wallet app, which should then provide a guide to generate new keys. Unfortunately, as is the nature of decentralised currencies like Bitcoin, those who have already lost money won’t be seeing any of it back.

Photo by Casascius.
