Security Flaw Found in All Android Bitcoin Wallets
The vulnerability lies in a component of Android responsible for generating secure random numbers.
The Bitcoin Foundation recently announced that a critical weakness in a component of Android that's responsible for generating secure random numbers means that all Android Bitcoin wallets are vulnerable to theft (h/t The Register).
"An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet," the statement notes. "Apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone."
Updates are being prepared for Bitcoin Wallet, blockchain.info and BitcoinSpinner. Version 0.6.5 of Mycelium Wallet has been released to resolve the issue.
"In order to re-secure existing wallets, key rotation is necessary," the Bitcoin Foundation notes. "This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself."