Security Flaw Found in All Android Bitcoin Wallets

The Bitcoin Foundation recently announced that a critical weakness in the Android component responsible for generating secure random numbers leaves all Android Bitcoin wallets vulnerable to theft (h/t The Register).

“An incomplete list would be Bitcoin Wallet, wallet, BitcoinSpinner and Mycelium Wallet,” the statement notes. “Apps where you don’t control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone.”

Updates are being prepared for Bitcoin Wallet, and BitcoinSpinner. Version 0.6.5 of Mycelium Wallet has been released to resolve the issue.

“In order to re-secure existing wallets, key rotation is necessary,” the Bitcoin Foundation notes. “This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself.”

Jeff Goldman

