Author: Andreas M. Antonopoulos 2013-08-11 18:21:28
Published on: 2013-08-11T18:21:28+00:00
On August 11, 2013, Mike Hearn sent an email alerting the Bitcoin community to severe vulnerabilities in the Android implementation of the Java SecureRandom class. As a result, private keys generated on Android phones and tablets were weak, and some signatures had colliding R values, allowing money to be stolen. An update for the Bitcoin Wallet app was prepared that bypassed the system SecureRandom implementation and read directly from /dev/urandom instead, which was believed to be functioning correctly. Users did not need to intervene as the automated re-keying process was controlled by Andreas via a percentage throttle. A fixed APK was available for download, and other wallet maintainers were notified and working on similar updates. The public security alert and a link to the fixed APK were provided in the email. There was also a request for an audio interview to be conducted for the Let's Talk Bitcoin show to explain the issue and workaround/resolution.
Updated on: 2023-06-07T15:47:37.868288+00:00