Security flaw leaves Android Bitcoin wallets vulnerable to theft

Bitcoin wallets generated on Android are thought to be suffering from a random number generation weakness.

Bitcoin wallets generated by Android devices are vulnerable to theft caused by a problem in the way Android generates random numbers.

Developers at issued an alert on Sunday strongly recommending Bitcoin owners using Android wallets update to new versions of their preferred wallet once they became available.

A number of Android Bitcoin wallets — such as Bitcoin Wallet, BitcoinSpinner, Mycelium Wallet and — were preparing updates that address the flaw, according to the notice.

According to a description of the flaw by Bitcoin Wallet, which has released a beta fix, "Android SecureRandom class has multiple severe bugs that render it useless for cryptographic purposes".

Bitcoin apps by exchanges such as Mt Gox and Coinbase are not affected since the private keys for those apps are not generated on the Android device.  

Technical details of the Android flaw have not been released. However, Bitcoin Magazine suggests the affected random number generator produces numbers that are not so random and points to a number of thefts that have occurred as a result of the flaw.

The fix involves generating a new address with a repaired random number generator. Users would then send the money in their existing wallet to the new one.

"Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one," developers noted. 

A member on the forum also noted that keys generated by wallets on desktops or iPhones can be vulnerable too if payments were made from an Android device.