Recently, a serious cryptography problem was discovered in Android. The exploit, when used by hackers to break into Bitcoin wallets, would’ve enabled them to steal the currency. In view of the security loophole, several Bitcoin applications have upgraded their wallets.
The Android exploit could affect any such Bitcoin applications which rely on an Android component. Specifically, the Java SecureRandom class, which is used to generate random numbers automatically, was found to be problematic when it started generating same numbers for different transactions.
Such repetition in what are supposed to be random transaction numbers can allow a hacker to figure out a user’s private key and by using it, steal the user’s Bitcoins.
Bitcoin.org was quick to dish out a solution for this problem, “This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.”
So far, a number of Bitcoin clients relying on Android have been fixed. These include Blockchain, Bitcoin Wallet, BitcoinSpinner and Mycelium Bitcoin Wallet. It has been reported that in the past, similar security exploits have been used to hack into PS3 machines, which goes on to show that the said Android exploit is serious in its nature. We hope that other Bitcoin clients too will be upgraded soon before hackers make use of this exploit.