Google and the Android Bitcoin flaw. There’s good and bad news

Android with BitcoinsFirst, the good news.

Google has confirmed the existence of a critical Android flaw that put Bitcoin wallets created on Android devices at risk of theft.

They have even told app developers how to fix it, and supplied details to handset manufacturers.

Now, the bad news.

It might be some time (if ever at all) that your Android smartphone or tablet receives a patch to its operating system.

The problem lies in a weakness in the way that Android phones and tablets generate the random numbers required to generate the private keys needed to create a Bitcoin wallet, meaning that the key could be recoverable by someone else.

Vulnerable Bitcoin apps use the pseudorandom number generator (PRNG) in Android’s Java Cryptography Architecture (JCA) to generate the random numbers required, but – as Android security engineer Alex Klyubin explains – the numbers are cryptographically weak.

Developers who use JCA for key generation, signing or random number generation should update their applications to explicitly initialize the PRNG with entropy from /dev/urandom or /dev/random. A suggested implementation is provided at the end of this blog post. Also, developers should evaluate whether to regenerate cryptographic keys or other random values previously generated using JCA APIs such as SecureRandom, KeyGenerator, KeyPairGenerator, KeyAgreement, and Signature.

In short – developers you need to fix your apps. Android doesn’t correctly initialise the random number generator, so you have to make sure that you do.

Well, that would be an easy fix if there were only a handful of Android apps that needed to be fixed.

Unfortunately, Symantec has already warned that hundreds of thousands of Android apps could be affected by the flaw.

Various Android Bitcoin apps - some of which may be vulnerable

Assuming that not all of the vulnerable apps will be updated with sufficient haste, can the operating system itself be fixed?

Back to Alex Klyubin’s blog post:

In addition to this developer recommendation, Android has developed patches that ensure that Android’s OpenSSL PRNG is initialized correctly. Those patches have been provided to OHA partners.

OHA is the Open Handset Alliance, whose members include Android handset manufacturers such as Samsung, HTC, Sony Ericsson, etc and the various mobile phone operators.

Well, it’s all very well the Android phone manufacturers having been sent a patch for this serious flaw, but there’s a whole different question of when owners of those devices will ever receive an update to patch their smartphones and tablets.

HTC One SThe problem is that many Android smartphone owners find that it’s very up-in-the-air whether their devices will receive operating system updates and security patches.

The problem is that you need Google, your cellphone service provider and your smartphone manufacturer to all agree to push out a new OS update. Frequently, Android devices are found to be massively out-of-date with their updates as a result.

Just last month I reported how HTC had controversially decided to no longer issue OS updates for the HTC One S, little more than a year after the smartphone’s launch.

Shame on any Android handset manufacturer who doesn’t accept their responsibility to protect their customers, and fails to issue this fix to users as soon as possible.

Tags: , , ,

, , ,

One Response

  1. spryte 33 August 15, 2013 at 2:26 pm #

    "The problem lies in a weakness in the way that Android phones and tablets generate the random numbers required to generate the private keys needed to create a Bitcoin wallet"

    And what of other apps that create private keys?

    Presumably they are also at risk?

Leave a Reply

XSLT by CarLake