Google Admits Bitcoin Thieves Exploited Android Crypto PRNG Flaw 183
rjmarvin writes "The theft of 55 Bitcoins, or about $5,720, through Android wallet apps last week was made possible because of flaws in Android's Java and OpenSSL crypto PRNG, Google revealed in a blog post. In the wake of a Bitcoin security advisory and a Symantec vulnerability report, the Android Developers Blog admitted the reason the thieves were able to pilfer their wallet apps. The flaws are already, or in the process of being repaired."
How does this get fixed? (Score:5, Insightful)
Is it up to the OEM to backport the patch to all the various android versions that they have? If so, this vulnerability will live forever.
It's like google and its partners are building this huge botnet of vulnerable devices. Every year it gets bigger.
Too many insecure systems ... (Score:5, Insightful)
This is why I wouldn't ever consider having my cell phone be something which can directly access my money.
I don't trust the makers to competently build in security, and I believe that once everyone knows your cell phone is likely to be tied to your bank account, it's a soft target.
They keep trying to find new ways to make it more 'convenient' to use these things to spend money, but 'convenient' in this case means insecure and fraught with privacy issues (and extra service fees if they can get away with it).
Same with that tap to pay mechanism ... wow, you mean anybody with my physical card can spend my money without authorization? Gee, sign me up for that.
Tech companies want to make a product or app for pretty much everything -- and a lot of them I find myself asking "who would want that?".
Now, mind the steps while you're leaving my lawn, and don't trip on the sprinkler.
Why is the industry still using pseudo-randoms? (Score:5, Insightful)
True random numbers are as simple as a reversed Zener diode connected to an A/D converter... quantum tunneling across the diode creates truly random signal, equivalent to thermal noise.
So why isn't every CPU nowadays equipped with this, so that the RND function is done in hardware?
Re:How does this get fixed? (Score:4, Insightful)
Which to me pokes holes in the theory this is up to the consumer to be responsible for.
The vast majority of people looking to buy a smart phone won't likely know much about what versions of the OS the phone is running.
It's like selling a product you know might catch fire and kill someone -- you can't just say it's up to the consumer to not buy that model.
Amateurs. OpenSSL is _not_ the problem. (Score:5, Insightful)
This is not an OpenSSL-flaw. Proper initialization of a CPRNG is critical and the OpenSSL documentation states that. The choice of OpenSSL is however especially bad with a bad initialization, as the OpenSSL CPRNG does not continue to seed the generator with additional entropy during its operation, unlike /dev/random or /dev/urandom. Google messed up spectacularly in two regards:
1. They had nobody that understood secure random number generation on the team
2. They did not have their solution independently reviewed by a competent 3rd party
They also selected a CPRNG especially vulnerable to bad seeding and did not use a source of good seeding readily available.
These mistakes are on low amateur level when implementing cryptographic functionality. The dangers of bad CPRNG seeding have been well understood for decades. This looks like the all-to-often found mixture of incompetence and arrogance.
Re:Where is Tuppe666? (Score:2, Insightful)
BitCoin, SchmitCoin!
If this is the kind of stunt being pulled off, it a'int no BitCoin that I worry about.
GooglePay from Android phones. There's where you can make your pennyshaving pay big rewards.
I would run over my phone with a truck, before trusting Android with real account information.