Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist

William Ward

Google developers have confirmed a cryptographic vulnerability in the Android operating system that researchers say could generate serious security glitches on hundreds of thousands of end user apps, many of them used to make Bitcoin transactions.

This weakness in Android’s Java Cryptography Architecture is the root cause of a Bitcoin transaction that reportedly was exploited to pilfer about $5,720 worth of bitcoins out of a digital wallet last week. The disclosure, included in a blog post published Wednesday by Google security engineer Alex Klyubin, was the first official confirmation of the Android vulnerability since Ars and others reported the incident last weekend. Klyubin warned that other apps might also be compromised unless developers change the way they access so-called PRNGs, short for pseudo random number generators.

“We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG,” he wrote. “Applications that directly invoke the system-provided OpenSSL PRNG without explicit initialization on Android are also affected.”

Apps that establish encrypted connections using the HttpClient and java.net classes aren’t vulnerable.
