Android Security Flaw Puts Bitcoin Wallets at Risk
Bitcoin, the maker of the digital currency, announced that a security vulnerability within Google’s Android operating system has exposed Bitcoin users to theft through several Bitcoin digital wallet applications.
The company said updates are being prepared for wallet apps including Bitcoin Wallet, where the update is in beta testing now, BitcoinSpinner, for which an update is being prepared, Mycelium Wallet, for which update v0.6.5 can be installed from Google Play or the Mycelium Website, and an update is also being prepared for blockchain.info.
"Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app," a note on the company’s Website said. "Apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone."
The company also advised users to enact a "key rotation" procedure, which involves generating a new address with a repaired random number generator and then sending all the money in the user’s wallet back to the user. The site also notes that if the user has downloaded Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after the user upgrades, though the old addresses will be marked as insecure in the user’s address book.
"If you use an Android wallet then we strongly recommend you to upgrade to the latest version available in the Play Store as soon as one becomes available," the post said. "Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one."
Cryptography is one of the keys to Bitcoin’s success, according to the Bitcoin Foundation. If Bitcoin is to be a viable money for both current users and future adopters, the company needs to maintain, improve and legally protect the integrity of the protocol.
Building upon the notion that money is any object, or any sort of record, accepted as payment for goods and services and repayment of debts in a given country or socio-economic context, Bitcoin is designed around the idea of a new form of money that uses cryptography to control its creation and transactions, rather than relying on central authorities.
The security flaw is just the latest highlight of the weaknesses inherent in the highly fragmented distribution of the Android platform. The Android operating system remains a prime target for cyber-criminals, as Android’s user base expands but security remains weak.
The number of malicious and high-risk Android apps has grown to 718,000 in the second quarter–a massive increase from the 509,000 high-risk apps found in the previous quarter, according to the report. These malicious apps are on track to exceed one million by year's end, a recent Trend Micro report projected.