Google and the Android Bitcoin flaw. There’s good and bad news

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Android with BitcoinsFirst, the good news.

Google has confirmed the existence of a critical Android flaw that put Bitcoin wallets created on Android devices at risk of theft.

They have even told app developers how to fix it, and supplied details to handset manufacturers.

Now, the bad news.

Sign up to our free newsletter.
Security news, advice, and tips.

It might be some time (if ever at all) that your Android smartphone or tablet receives a patch to its operating system.

The problem lies in a weakness in the way that Android phones and tablets generate the random numbers required to generate the private keys needed to create a Bitcoin wallet, meaning that the key could be recoverable by someone else.

Vulnerable Bitcoin apps use the pseudorandom number generator (PRNG) in Android’s Java Cryptography Architecture (JCA) to generate the random numbers required, but – as Android security engineer Alex Klyubin explains – the numbers are cryptographically weak.

Developers who use JCA for key generation, signing or random number generation should update their applications to explicitly initialize the PRNG with entropy from /dev/urandom or /dev/random. A suggested implementation is provided at the end of this blog post. Also, developers should evaluate whether to regenerate cryptographic keys or other random values previously generated using JCA APIs such as SecureRandom, KeyGenerator, KeyPairGenerator, KeyAgreement, and Signature.

In short – developers you need to fix your apps. Android doesn’t correctly initialise the random number generator, so you have to make sure that you do.

Well, that would be an easy fix if there were only a handful of Android apps that needed to be fixed.

Unfortunately, Symantec has already warned that hundreds of thousands of Android apps could be affected by the flaw.

Various Android Bitcoin apps - some of which may be vulnerable

Assuming that not all of the vulnerable apps will be updated with sufficient haste, can the operating system itself be fixed?

Back to Alex Klyubin’s blog post:

In addition to this developer recommendation, Android has developed patches that ensure that Android’s OpenSSL PRNG is initialized correctly. Those patches have been provided to OHA partners.

OHA is the Open Handset Alliance, whose members include Android handset manufacturers such as Samsung, HTC, Sony Ericsson, etc and the various mobile phone operators.

Well, it’s all very well the Android phone manufacturers having been sent a patch for this serious flaw, but there’s a whole different question of when owners of those devices will ever receive an update to patch their smartphones and tablets.

HTC One SThe problem is that many Android smartphone owners find that it’s very up-in-the-air whether their devices will receive operating system updates and security patches.

The problem is that you need Google, your cellphone service provider and your smartphone manufacturer to all agree to push out a new OS update. Frequently, Android devices are found to be massively out-of-date with their updates as a result.

Just last month I reported how HTC had controversially decided to no longer issue OS updates for the HTC One S, little more than a year after the smartphone’s launch.

Shame on any Android handset manufacturer who doesn’t accept their responsibility to protect their customers, and fails to issue this fix to users as soon as possible.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Google and the Android Bitcoin flaw. There’s good and bad news”

  1. spryte

    "The problem lies in a weakness in the way that Android phones and tablets generate the random numbers required to generate the private keys needed to create a Bitcoin wallet"

    And what of other apps that create private keys?

    Presumably they are also at risk?

  2. Coyote

    "Well, it's all very well the Android phone manufacturers having been sent a patch for this serious flaw, but there's a whole different question of when owners of those devices will ever receive an update to patch their smartphones and tablets."

    Let's put it this way: it is pseudo-randomly updated. More specifically, let's call it pRUG: pseudo-random update generator (I can't help but mention the fact that this is very much like placing something under a rug … in hopes the problem will… disappear).

  3. Xane Myers

    And shame to the manufacturers that abandon their phones a year after they release them to move on to newer phone iterations!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.