Security Vulnerability in Android Creates Bitcoin Fraud Threat
Despite previous claims by Bitcoin developers that its open-source wallet application provides “a strong level of protection against many types of fraud,” developers announced Sunday that weaknesses within the Android operating system are responsible for rendering all Android wallets generated to date vulnerable to theft.
The issue lies within the area of the OS that should be generating secure and random key codes, which is why the problem only affects wallets generated by Android applications.
Some applications affected include Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner, and Mycelium Wallet. Front-end applications such as Coinbase or MtGox are not vulnerable since private keys are not generated on the Android device.
Updates are still being prepared for clockchain.info and BitcoinSpinner. The update for Bitcoin Wallet is currently under beta testing, and Mycelium Wallet has already received an update. It is strongly recommended to update as soon as a new version is available. In the meantime, key rotation is necessary, according to the Bitcoin developers in their Aug. 11 blog post. “This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself…Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.”
The discovery just so happened to coincide with a ruling made by Magistrate Judge Amos Maazant of the Eastern District of Texas federal court that the online payment form be thought of as a true currency. The ruling sets a precedence that anyone committing fraud with the “online crypto-currency” could be looking at more severe penalties. Jon Matonis, executive director of the Bitcoin Foundation, predicted that the International Standards Organization may eventually classify the currency as a “non-national” commodity, which does not need to be issued or backed by any government. Matonis said the ruling “highlights the fact that Bitcoin is becoming recognized as commodity money in the same way that gold and silver are recognized as money.”