CRYPTOCURRENCY MAKER The Bitcoin Foundation has announced the discovery of "critical weaknesses" in the Android mobile operating system (OS) that render users of Bitcoin wallet apps vulnerable to theft.
According to the foundation, the culprit is Android's random number generator, which is usually employed to help keep the electronic cash system safe. However, it has been discovered to contain bugs that have been exploited to steal balances from wallet app users.
"Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app," the foundation warned on its bitcoin.org website, saying that the apps Bitcoin Wallet, blockchain.info wallet, Bitcoinspinner and Mycelium Wallet are the major apps hit by the vulnerability.
However, the foundation revealed that apps where you don't control the private keys are not affected by the bug. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated by an Android phone.
Trend Micro's Rik Ferguson told us there is no evidence yet that it has been actively exploited.
"For those people using Bitcoin wallets on their mobile devices, let's hope the app updates, that are already appearing, with fixed random number generators are timely," he said.
"It will be also interesting to see how the underlying issue in Android affects other apps that rely on cryptography and how a fix can be rolled out across that notoriously fragmented ecosystem."
The company advised that "key rotation" should be performed to keep affected wallets secure and prevent theft.
"This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself," Bitcoin explained.
The firm recommends users upgrade to the latest version available in the Google Play store as soon as one becomes available.
"Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one," Bitcoin added.
"If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book." You will then need to make a fresh backup.
The Bitcoin currency is not the most trusted electronic cash system and the news of the vulnerability is bound to put off some people who were already dubious about the coinage. Late last month, Thailand made the trading of Bitcoins illegal within its borders. The currency has been attempting to register in the country, but has not been permitted to do so.