forked from bitcoin-dot-org/Bitcoin.org
2013-08-11-android.html
---
title: "Android Security Vulnerability"
active: true
alias: "android"
banner: ""
---
<h2>What happened</h2>
<p>We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, it will affect you if you have a wallet generated by any Android app. An incomplete list of such apps would be <a href="https://play.google.com/store/apps/details?id=de.schildbach.wallet&hl=en">Bitcoin Wallet</a>, <a href="https://play.google.com/store/apps/details?id=piuk.blockchain.android&hl=en">blockchain.info</a> wallet, <a href="https://play.google.com/store/apps/details?id=com.miracleas.bitcoin_spinner&hl=en">BitcoinSpinner</a> and <a href="https://play.google.com/store/apps/details?id=com.mycelium.wallet&hl=en">Mycelium Wallet</a>. Apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone.</p>
<h2>What is being done</h2>
<p>Updates are being prepared for the following wallet apps:</p>
<ul>
<li><b><a href="https://play.google.com/store/apps/details?id=de.schildbach.wallet&hl=en">Bitcoin Wallet</a></b>: Update has been prepared and is in beta testing now. <a href="https://bitcointalk.org/index.php?topic=271846.0">Learn more</a>.</li>
<li><b><a href="https://play.google.com/store/apps/details?id=com.miracleas.bitcoin_spinner&hl=en">BitcoinSpinner</a></b>: Update is being prepared.</li>
<li><b><a href="https://play.google.com/store/apps/details?id=com.mycelium.wallet&hl=en">Mycelium Wallet</a></b>: Update has been prepared and is under review. <a href="https://bitcointalk.org/index.php?topic=271831.msg2912260#msg2912260">Learn more</a>.</li>
<li><b><a href="https://play.google.com/store/apps/details?id=piuk.blockchain.android&hl=en">blockchain.info</a></b>: Update is being prepared.</li>
</ul>
<h2>What you should do</h2>
<p>To re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet, we strongly recommend that you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.</p>
<p>If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.</p>
<div style="text-align:right">
<i>This notice last updated: Sun Aug 12 00:28:00 UTC 2013</i>
</div>