Google Claims Android’s Flaw Responsible For Bitcoin Theft

Google says that Bitcoin digital wallets may be vulnerable to attack, as it confirmed a flaw in the Android operating system. Alex Klyubin, an Android security engineer, published a blog post on Wednesday outlining the cause of the vulnerability.

He says the team has now determined that applications using the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation are affected by improper initialization of the underlying PRNG. He added that applications that directly invoke the system-provided OpenSSL PRNG on Android without explicit initialization are also affected.

The Bitcoin developers discovered this flaw on Sunday. The vulnerability lies in the Android component that generates secure random numbers (the PRNG). Since the problem is rooted in the operating system, every Bitcoin digital wallet generated by an Android app can be affected by the flaw.

Ars Technica claims that the flaw has led to the theft of $5720 worth of Bitcoins in the last week. Researchers at Symantec have reported that there are 360,000 other apps which currently use Android’s SecureRandom class.

Symantec also mentioned in a blog post that transactions on the Bitcoin network are public. Attackers scanned the transaction block chain and examined these particular transactions to retrieve the private key and transfer funds from the Bitcoin wallet without the owner's consent.

As a result of this incident, Klyubin has recommended that developers who use the JCA to generate keys update their apps to initialize the PRNG with different code and regenerate their cryptographic keys.

He has also said that Android has created patches that ensure Android’s OpenSSL PRNG is initialized correctly.
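One way to do the explicit initialization Klyubin recommends, as an added example that is not code from Google's post or from this article. It assumes a Linux/Android `/dev/urandom` and a JCA provider that honours the `SecureRandom` passed to it; the class name `ExplicitSeedDemo` and the curve `secp256r1` are illustrative choices.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;

public class ExplicitSeedDemo {
    // Read n bytes straight from the kernel CSPRNG (assumed path: /dev/urandom).
    static byte[] kernelEntropy(int n) throws IOException {
        byte[] buf = new byte[n];
        try (DataInputStream in = new DataInputStream(new FileInputStream("/dev/urandom"))) {
            in.readFully(buf); // throws on a short read instead of leaving zero bytes
        }
        return buf;
    }

    // Return a SecureRandom that has kernel entropy mixed in before its first use.
    static SecureRandom seededRandom() throws IOException {
        SecureRandom sr = new SecureRandom();
        sr.setSeed(kernelEntropy(32));
        return sr;
    }

    // Key generation: hand the explicitly seeded source to the JCA generator.
    static KeyPair newKeyPair() throws GeneralSecurityException, IOException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"), seededRandom());
        return kpg.generateKeyPair();
    }

    // Signing: ECDSA also consumes randomness, so seed the source used here too.
    static byte[] sign(PrivateKey key, byte[] msg) throws GeneralSecurityException, IOException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key, seededRandom());
        s.update(msg);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        // Self-check: repeated keys or signatures would indicate a badly initialized PRNG.
        KeyPair k1 = newKeyPair(), k2 = newKeyPair();
        if (Arrays.equals(k1.getPrivate().getEncoded(), k2.getPrivate().getEncoded()))
            throw new IllegalStateException("duplicate private key generated");
        byte[] msg = "constructed sample message".getBytes("UTF-8");
        if (Arrays.equals(sign(k1.getPrivate(), msg), sign(k1.getPrivate(), msg)))
            throw new IllegalStateException("signature randomness repeated");
        System.out.println("keys and signatures are distinct");
    }
}
```

Keys created before such a change were generated with the old PRNG state, which is why the recommendation pairs the code update with regenerating keys.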
