Report: Android security flaw puts Bitcoin wallets at risk

According to Bitcoin, the solution is known as "key rotation."

Over the past few years, smartphones have made a lot of things possible that were never really feasible before, from remote car starting to easy on-the-go monitoring of bank accounts. However, as smartphone apps have become more advanced, encouraging users to input more and more personal information into their devices, users have also made themselves considerably more susceptible to security breaches, identity theft, and other unfortunate occurrences. According to a report published by CNET on Sunday, a security vulnerability in the digital wallet app Bitcoin could present such dangers.

Introduced in 2008, Bitcoin is an open source piece of software that allows for easy and remote financial transactions, not unlike the more well-known PayPal. However, according to a Bitcoin blog post that hit the net on Sunday, there is a security vulnerability with the Android version of the app that could lead to theft.

“We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft,” a message on Bitcoin’s website read. “Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. Apps where you don’t control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone.”

Bitcoin is working to solve the problem on their end, tailoring new app updates for Bitcoin Wallet, BitcoinSpinner, Mycelium Wallet, and blockchain.info that will avoid generating wallets using the flawed Android component in the future. However, current Bitcoin users are not out of the woods yet. Since most Bitcoin Android accounts were created using flawed software, users on that platform will need to take their own steps to protect their wallet accounts–and the money they contain–from potential security breaches.

So how can you solve the problem? According to Bitcoin, the solution is known as “key rotation.”

“If you use an Android wallet then we strongly recommend you to upgrade to the latest version available in the Play Store as soon as one becomes available,” the company added. “Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.”

Unfortunately, older accounts are compromised and cannot be repaired. Users will therefore need to generate a wholly new wallet address, utilizing the repaired random number generator inherent in the new updates to Bitcoin’s apps. Once a new wallet exists, users can send all of the money in their vulnerable account to their new, secured account.