Google fixes Android Bitcoin theft vulnerability

Google has released a fix for a bug in its Android smartphone operating system that meant that hackers could target certain Bitcoin wallet apps.

The tech giant’s security experts say they have now fixed the vulnerability, which involved a weakness in Android’s pseudorandom number generator.

The bug meant that cyber attackers could compromise private keys in Bitcoin wallet apps and fraudulently send Bitcoins to their own accounts.

Google security engineer Alex Klyubin said: “”Applications that establish TLS/SSL connections using the HttpClient and java.net classes are not affected, as those classes do seed the OpenSSL PRNG with values from /dev/urandom.”

He said that Google had sent the patch to phone networks worldwide, and over time these carriers would be making the fix available to their customers.

Bitcoin has advised Android users to update their wallet apps and generate new keys. Google has issued advice to app developers.

Article updated on 16th August 2013.

How can you protect your employees BYOD devices from cyber attacks? Find out at The European Information Security Summit 2014.

Transform your IT department to align with business objectives at IT Transformation 2013.

Tags: , ,