The tech giant has recently confirmed reports of a weakness in Android’s Java Cryptography Architecture which has made BitCoin wallets vulnerable to theft. According to the reports, about $5,700 worth of the BitCoin currency had been stolen because of the vulnerability on Android.
Android security engineers admitted that apps using the Java Cryptography may not receive cryptographically strong values on Android devices. In response, the BitCoin Foundation, which oversees the BitCoin economy, has warned developers of Android wallet apps to update them as soon as possible, while also encouraging users to update their apps or transfer their cyber currency to more secure wallets. The outfit explained that the problem would affect everyone who had a wallet generated by any Android application.
Security engineers have released instructions for developers on one way to update their applications in order to fix the vulnerability. Google has also announced that its Android team have developed patches and provided these to handset partners.
Earlier, security company Symantec has claimed that hundreds of thousands of Android applications – not only BitCoin wallets, but also games, productivity, music and other kinds of apps – may also be affected by the flaw in Android’s SecureRandom component for generating secure random numbers. The security experts showed the breakdown of Android application which are potentially affected by the SecureRandom vulnerability – it was found that more than 320,000 apps using SecureRandom do it in the same way the BitCoin wallets did.
As such, security experts strongly advise users of Android BitCoin wallet applications to check whether they are affected and if they do, to follow the steps published by bitcoin.org in order to ensure safety of their funds. The BitCoin Foundation revealed that the total value of all currency in circulation is over $1.3 billion, while its website claims that there has been only one major security incident in the protocol, fixed three years ago.
The current problem is regarded as controversial – while BitCoin critics call it a further reason to be cautious about cyber currency, its supporters point at the speed with which the vulnerability was identified and addressed.
Android security engineers admitted that apps using the Java Cryptography may not receive cryptographically strong values on Android devices. In response, the BitCoin Foundation, which oversees the BitCoin economy, has warned developers of Android wallet apps to update them as soon as possible, while also encouraging users to update their apps or transfer their cyber currency to more secure wallets. The outfit explained that the problem would affect everyone who had a wallet generated by any Android application.
Security engineers have released instructions for developers on one way to update their applications in order to fix the vulnerability. Google has also announced that its Android team have developed patches and provided these to handset partners.
Earlier, security company Symantec has claimed that hundreds of thousands of Android applications – not only BitCoin wallets, but also games, productivity, music and other kinds of apps – may also be affected by the flaw in Android’s SecureRandom component for generating secure random numbers. The security experts showed the breakdown of Android application which are potentially affected by the SecureRandom vulnerability – it was found that more than 320,000 apps using SecureRandom do it in the same way the BitCoin wallets did.
As such, security experts strongly advise users of Android BitCoin wallet applications to check whether they are affected and if they do, to follow the steps published by bitcoin.org in order to ensure safety of their funds. The BitCoin Foundation revealed that the total value of all currency in circulation is over $1.3 billion, while its website claims that there has been only one major security incident in the protocol, fixed three years ago.
The current problem is regarded as controversial – while BitCoin critics call it a further reason to be cautious about cyber currency, its supporters point at the speed with which the vulnerability was identified and addressed.
No comments:
Post a Comment