James Delahunty
13 Aug 2013 14:55
A flaw in an Android feature has put Bitcoin wallets at risk, according to security alerts published ahead of vital updates.
The problem lies in a component of Android responsible for generating secure random numbers, which has been found to contain a critical weakness. Given that the problem lies with Android itself, it could affect you if you have a wallet generated by any Android app. Such affected apps include Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.
Updates have already been issued for BitCoin Wallet (v3.15), BitcoinSpinner (0.8.3b), Mycelium Bitcoin Wallet (0.7.0) and blockchain.info (3.54).
"In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself," a Bitcoin security advisory suggests.
"If you use an Android wallet then we strongly recommend you to upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one."