Google has confirmed a Java Cryptography Architecture vulnerability as the key suspect in the $5,700 Bitcoin heist. The hackers were able to crack the cryptography and send the money wirelessly to their bank accounts, leaving no trace.
Security firm Symantec was the first to report the incident, stating that over 360,000 programs rely on SecureRandom, the Java Cryptography program that works to make sure logins and transactions are random and long enough not to be guessed easily.
It seems the hackers were able to understand the keys and crack the system because the SecureRandom cryptography method produced the same number a few different times. It seems yet another Java flaw has left the gates open for hackers to exploit.
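An added example, not from the original article or from Google: a defender-side audit for the failure described above. It assumes (the article does not say so) that the repeated SecureRandom output served as the per-signature ECDSA nonce, in which case two different signatures from one key carry the same `r` value; the key labels, transaction ids and signatures are constructed.

```python
from collections import defaultdict

def parse_der_sig(sig):
    """Parse a DER ECDSA signature (SEQUENCE of two INTEGERs) into (r, s)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the expected length")
    pos, out = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER tag")
        n = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + n]
        if n == 0 or len(body) != n:
            raise ValueError("truncated INTEGER")
        out.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return out[0], out[1]

def find_reused_r(records):
    """records: iterable of (pubkey, txid, der_signature_bytes).
    Returns {(pubkey, r): sorted txids} for every key that produced two or
    more distinct signatures (different s) sharing the same r."""
    seen = defaultdict(set)
    for pubkey, txid, sig in records:
        try:
            r, s = parse_der_sig(sig)
        except ValueError:
            continue  # malformed signature: nothing to compare
        seen[(pubkey, r)].add((s, txid))
    return {key: sorted(t for _, t in v) for key, v in seen.items()
            if len({s for s, _ in v}) > 1}

def _der(r, s):
    """Helper that builds the constructed sample signatures below."""
    def enc(x):  # minimal positive INTEGER; adds 0x00 when the top bit is set
        b = x.to_bytes((x.bit_length() + 8) // 8, "big")
        return b"\x02" + bytes([len(b)]) + b
    body = enc(r) + enc(s)
    return b"\x30" + bytes([len(body)]) + body

# Constructed sample data: KEY_A signs tx1 and tx2 with the same r.
SAMPLE = [
    ("KEY_A", "tx1", _der(0x1234ABCD, 0x1111)),
    ("KEY_A", "tx2", _der(0x1234ABCD, 0x2222)),
    ("KEY_A", "tx3", _der(0x9999, 0x3333)),
    ("KEY_B", "tx4", _der(0x1234ABCD, 0x4444)),  # other key: separate group
    ("KEY_A", "tx5", b"\x30\x02\x00"),           # malformed, skipped
]
```

Any key this check flags should be treated as compromised and its funds moved to a key generated with a properly seeded random source.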
This will not affect only Android users on 4.2 and above; it is set to affect anyone on Android who uses a program with SecureRandom and has Bitcoins. We are unsure about other money; Bitcoin seems to be the only flawed currency so far.
Google has gone into detail about exactly what went wrong and the technical points to take away from the problem. The Android team is working hard with third parties to fix this bug, and we should see an efficient movement to stop this from happening again.
No word has been said yet about Alex Klyubin and other Bitcoin users affected by the attack. We should see them reimbursed for the problems caused; if not, this can go to trial and we could see things get ugly for Google.
Source: Android Developer