Following Symantec’s warning of a security vulnerability that may affect hundreds of thousands of Android applications, Google itself confirmed the vulnerability on Wednesday, advising developers to update their applications with more secure techniques.
The vulnerability was exploited last week by a cracker who used it to steal $5,700 worth of bitcoins from a Bitcoin wallet. It centers on a weakness in Android’s cryptographic system that has caused many applications to use weak pseudo-random numbers for security.
“We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG,” wrote Google security engineer Alex Klyubin in a blog post. “Applications that directly invoke the system-provided OpenSSL PRNG without explicit initialization on Android are also affected.”
PRNG is an acronym for “Pseudo Random Number Generator”, a basic component of all computerized cryptography. In last week’s bitcoin theft, Android apps may have signed multiple transactions using identical random numbers because of the Android weakness.
In a blog post, Symantec researchers further explained, “Since transactions are public on the bitcoin network, attackers scanned the transaction block chain looking for these particular transactions to retrieve the private key and transfer funds from the bitcoin wallet without the owner’s consent.”
Google recommended that developers initialize the random number generator explicitly in their code so that this weakness does not affect their own applications.
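One way to follow that recommendation, as an added example that is not Google's code or code from the original article: a `SecureRandom` backed directly by the kernel's random device and passed explicitly to key generation and signing. The class names `UrandomSpi` and `UrandomSecureRandom` are hypothetical, and the example assumes `/dev/urandom` is readable, as it is on Android and other Linux systems.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.SecureRandomSpi;
import java.security.Signature;

public final class ExplicitRandomExample {

    /** Hypothetical SPI: every byte comes straight from the kernel's /dev/urandom. */
    static final class UrandomSpi extends SecureRandomSpi {
        private static final long serialVersionUID = 1L;

        @Override protected void engineSetSeed(byte[] seed) {
            // Caller-supplied seeds are ignored; the kernel pool is the only source.
        }

        @Override protected void engineNextBytes(byte[] out) {
            try (DataInputStream in = new DataInputStream(new FileInputStream("/dev/urandom"))) {
                in.readFully(out);   // fail rather than accept a short or empty read
            } catch (IOException e) {
                throw new SecurityException("cannot read /dev/urandom", e);
            }
        }

        @Override protected byte[] engineGenerateSeed(int numBytes) {
            byte[] seed = new byte[numBytes];
            engineNextBytes(seed);
            return seed;
        }
    }

    /** SecureRandom exposes a protected (spi, provider) constructor for subclasses. */
    static final class UrandomSecureRandom extends SecureRandom {
        private static final long serialVersionUID = 1L;
        UrandomSecureRandom() { super(new UrandomSpi(), null); }
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new UrandomSecureRandom();
        // Pass the generator explicitly instead of relying on the platform default.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256, rng);
        KeyPair keys = kpg.generateKeyPair();

        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(keys.getPrivate(), rng);
        signer.update("constructed sample message".getBytes("UTF-8"));
        System.out.println("signature bytes: " + signer.sign().length);
    }
}
```

Both the key pair and the signature draw their randomness from `rng`, so neither depends on how the platform's default PRNG was initialized.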
While this incident will definitely cause some concern over Android security, it should also call into question the wisdom of bitcoins’ public, decentralized cryptographic practices. As one reader on Ars Technica points out, “A security system relying on the honor system doesn’t go far”.
Source: Ars Technica