Information Security News mailing list archives

Android SecureRandom Bitcoin wallet vulnerability could be used to hack more than 300,000 apps


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 15 Aug 2013 07:24:02 +0000 (UTC)

http://www.v3.co.uk/v3-uk/news/2288778/android-securerandom-bitcoin-wallet-vulnerability-could-be-used-to-hack-more-than-300-000-apps

By Alastair Stevenson
V3.co.uk
14 Aug 2013

A flaw in Google Android's cryptographic protocols is leaving as many as 360,000 applications open to attack, Symantec claims.

The security firm announced the figure in a blog post, claiming that the vulnerability, announced by Bitcoin earlier this week, may have wider implications.

"Certain Bitcoin wallet applications using Android's SecureRandom signed multiple transactions using an identical 'random' number. Since transactions are public on the Bitcoin network, attackers scanned the transaction block chain looking for these particular transactions to retrieve the private key and transfer funds from the Bitcoin wallet without the owner's consent," read the Symantec blog post.

"Other Android apps may be vulnerable to similar attacks depending on how they implement SecureRandom. Looking at Norton Mobile Insight data, we have found over 360,000 applications that make use of SecureRandom and over 320,000 of them use SecureRandom in the same way the Bitcoin wallets did."

[...]




