Bitcoin is the world’s first ever decentralized digital currency where virtual money can be traded without the need for a third party. The third party could be a bank, institution or government which is usually the case when we use our credit cards or PayPal. It is an open-source currency that is rising in popularity.
The official blog of Bitcoin developers reports an Android security vulnerability that affects several Android Bitcoin apps such as Bitcoin Wallet, blockchain.info wallet, Bitcoin Spinner, and Mycelium Wallet.
The security issue involves the way the Android platform generates a secure random number which contains a critical flaw. This flaw makes the wallet apps vulnerable to theft since the private keys will be compromised. Exceptions to this are wallet apps where the user does not control the private keys at all. Examples are exchange frontends like the Coinbase or Mt Gox apps where the private keys are not generated by the Android device.
Right now updates are being made to popular Bitcoin wallet apps.
- Bitcoin Wallet: Update has been prepared and is in beta testing now.
- BitcoinSpinner: Update is being prepared.
- Mycelium Wallet: Update v0.6.5 can be installed from Google Play or mycelium.com.
- blockchain.info: Update is being prepared.
In order for people to secure their Bitcoin wallets a key rotation must be carried out. “This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommend you to upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.”
Those using Bitcoin Wallet will have an automatic key rotation as soon as the app is upgraded.