A critical security vulnerability has been discovered in Android Bitcoin wallet apps that could leave users “vulnerable to theft”.
According to an official blog post at bitcoin.org, popular affected apps include – but are not limited to – Bitcoin Wallet, blockchain.info, Bitcoin Spinner, and Mycelium Wallet.
Bitcoin, for those who aren’t familiar with it, is a virtual digital currency (meaning it doesn’t exist physically in the real world, but can be used to purchase items online) that relies upon cryptography.
The problem appears to lie in a weakness in the way that Android phones and tablets generate the random numbers required for private keys, meaning that the key could be recoverable by someone else.
And if someone else can work out the private key to your Bitcoin wallet, that’s rather like knowing the PIN code for your bank account.
Affected users are being advised to keep a keen eye open for updates to their Android Bitcoin apps:
“If you use an Android wallet then we strongly recommend you to upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.”
There are already reports that Bitcoins may have been stolen from compromised addresses.
Imagine if a weakness like this were found impacting those of us who use traditional real-life banks…
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.