Android Security Flaw Puts Bitcoin Wallets at Risk
The security flaw is just the latest highlight of the weaknesses inherent in the highly fragmented distribution of the Android platform.Bitcoin, the maker of the digital currency, announced that a security vulnerability within Google’s Android operating system has exposed Bitcoin users to theft through several Bitcoin digital wallet applications. The company said updates are being prepared for wallet apps including Bitcoin Wallet, where the update is in beta testing now, BitcoinSpinner, for which an update is being prepared, Mycelium Wallet, for which update v0.6.5 can be installed from Google Play or the Mycelium Website, and an update is also being prepared for blockchain.info. "Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app," a note on the company’s Website said. "Apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone." The company also advised users to enact a "key rotation" procedure, which involves generating a new address with a repaired random number generator and then sending all the money in the user’s wallet back to the user. The site also notes that if the user has downloaded Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after the user upgrades, though the old addresses will be marked as insecure in the user’s address book.
"If you use an Android wallet then we strongly recommend you to upgrade to the latest version available in the Play Store as soon as one becomes available," the post said. "Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one."