Android Flaw Allowing Bitcoin Wallet Theft Receives Patch from Google
Soon one day some of us will rejoice at the idea of a digital wallet being your main means of paying for items and transacting money transfers. Until then, Bitcoin Wallets serve as a viable way to utilize the open-source cryptocurrency protocol where Bitcoins can be transferred through smartphone or computers without an intermediate financial institution.
Over the past few years, Bitcoin transactions have received some scrutiny for obvious reasons where the propagation of hackers is on the move to find vulnerabilities within infrastructures utilizing Bitcoin services. As a prime example, Android Security Engineer Alex Klyubin confirmed in a blog post that the existence of an Android vulnerability could be leveraged to compromise Bitcoin wallets.
As we know all-so-well, Android remains to be the primary smartphone operating system to receive a boatload of malware attacks through malicious apps and other discovered vulnerabilities. In the latest vulnerability, it was found that Android has an issue lying within the SecureRandom class implementation where apps utilizing Java Cryptography Architecture (JCA) for key generation, signing or random number generation, may be part of an exploit that leads to Bitcoin Wallet theft.
Improper installation of PRNG, pseudorandom number generator for certain Android apps along with the OpenSSL strings, has led to serious issues that Bitcoin Wallet thieves could capitalize on.
It has been claimed by Symantec that over 360,000 Android apps make use of SecureRandom, much in the same way as impacted Bitcoin Wallets do. Basically, the malicious actions taking place are cases where attackers scanned transaction blocks, where are made public on the Bitcoin network by default, and they retrieve a private key and transfer funds from the Bitcoin wallet without the owner's permission.
In an attempt to put an end to apparent Bitcoin Wallet thefts, Google has developed patches to make sure the OpenSSL PRNG is installed correctly and developers utilizing JCA for generating keys have the necessary information on how to address this serious issue.
So far, the vulnerability has accounted for transfers amounting to 55.82152538 BTC (Bitcoins) from various wallets. Additionally, the vulnerability affects all versions of Android using Bitcoin apps.
The Android updates so far have been released for Bitcoin Wallet, blockchain.info, BitcoinSpinner and the Mycelium Bitcoin Wallet apps.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.