Mike Hearn (OP)
Legendary
Offline
Activity: 1526
Merit: 1129
|
|
August 11, 2013, 04:19:13 PM Last edit: August 23, 2013, 06:47:46 PM by theymos |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 http://bitcoin.org/en/alert/2013-08-11-androidWe recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet. In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one. If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup. Updates for other wallet apps should be released shortly. Some technical details of what exactly has gone wrong inside Android will be released once the upgrade process is reasonably compete. I will keep track of the upgrade status of each wallet app I know about in the post below. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.orgiQEcBAEBCgAGBQJSB7jRAAoJEPLkhhyZiIFvpk8IAI34L0HsEj5wztFl18jQxj74 svaY+eY1mwgWZjjyZlCRlP42B3u5zF2jlh2+taRgM9DaXlECqa3euGe+EmHWirTU HTTNNg2ZFf7jvruUZ2tanl4Sv34/q/q8w81zL6uJAKK98ZBWuMQ9oPghW1erCAHv Ke5eoLzGdnwpAN817SLGL2iUgwMpJLu7Jx2HEhF2Yz7Yl1+ScLHzlXSZP65BlpI7 lNeJweQsC0PHPnumde/UIRdcTQqhciY/0xM7HHyrrn00AW56vu4l+/Hb9Mr9rpds Rx2UEvFXQ5KWX7e8E3+Wx2Rs/w5cYRwwsfzwWIYkoZaJ3ssaPaYAEr5YMO1bz24= =AFBd -----END PGP SIGNATURE-----
|
|
|
|
Mike Hearn (OP)
Legendary
Offline
Activity: 1526
Merit: 1129
|
|
August 11, 2013, 04:19:21 PM Last edit: August 12, 2013, 07:24:01 PM by Mike Hearn |
|
Here are the rollout statuses of each wallet I'm aware of: Bitcoin Wallet by Andreas SchildbachAn update has been prepared and is now rolling out on the play store. When you are notified, let the app update and the rest will happen automatically. Learn more. BitcoinSpinner / Mycelium WalletAn update has been prepared for Mycelium Wallet and is being pushed out via the Play Store. If you use BitcoinSpinner you are encouraged to upgrade to Mycelium Wallet, which is maintained by the same people. blockchain.info walletAn update is on the Play Store that will walk you through the key rotation process when you open it. Upgrade immediately and follow the on screen instructions.
Please note that apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated or controlled by you at all. Basic rule of thumb - if you'd lose the money if the phone/tablet were destroyed (assuming no backups), and that device is an Android device, then you need to upgrade ASAP. For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.
I'd like to publicly thank Jean-Pierre Rupp (Xeno-Genesis on this forum) for bringing one of the vulnerabilities to our attention last week. His notification to us about the RSA paper started the effort needed to re-key peoples wallets. I'd also like to thank johoe and BurtW for their investigations into how peoples wallets were being compromised.
|
|
|
|
beerbeerbeer
Newbie
Offline
Activity: 2
Merit: 0
|
|
August 11, 2013, 04:45:00 PM |
|
done and done, thanks to you and this community for such watchfulness and timeliness with these kinds of issues.
|
|
|
|
Dougie
Full Member
Offline
Activity: 211
Merit: 100
You are not special.
|
|
August 11, 2013, 04:50:16 PM Last edit: August 14, 2013, 09:52:57 AM by Dougie |
|
This is very useful information. Thanks for the announcement.
|
Lurking since 2011... 1J4DhU3q6RxxCTfAAcg5ExVK6FfxkmzkTH
|
|
|
DiamondCardz
Legendary
Offline
Activity: 1134
Merit: 1112
|
|
August 11, 2013, 04:50:36 PM |
|
Oh dear. Thanks for the update.
|
BA Computer Science, University of Oxford Dissertation was about threat modelling on distributed ledgers.
|
|
|
Blindfolded
|
|
August 11, 2013, 04:51:37 PM |
|
Thanks for the heads up.
|
|
|
|
Boelens
|
|
August 11, 2013, 04:52:23 PM |
|
Oh wow, I'm glad all the warnings are spreading so quickly, everyone has to be informed ASAP.
|
|
|
|
piotr_n
Legendary
Offline
Activity: 2053
Merit: 1354
aka tonikt
|
|
August 11, 2013, 04:56:12 PM |
|
done and done, thanks to you and this community for such watchfulness and timeliness with these kinds of issues.
You're joking, aren't you? This post is over one month old, while this one over half a year... Watchfulness my ass
|
Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.PGP fingerprint: AB9E A551 E262 A87A 13BB 9059 1BE7 B545 CDF3 FD0E
|
|
|
Boelens
|
|
August 11, 2013, 04:57:06 PM |
|
Thank god I have an iPhone I don't even have a smartphone ;P
|
|
|
|
|
apetersson
|
|
August 11, 2013, 05:07:56 PM Last edit: August 11, 2013, 08:42:46 PM by apetersson |
|
If you are using Mycelium Wallet, a fix has been published to the play store (still pending review) and to mycelium.com if you download it from mycelium.com, you can check the sha1sum dba000cad4cbf94a7b4c621f57482322c0a96678 mbw-v0.6.5.apk
There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses. - generate a new key
- backup this key (to sdcard or similar)
- manually send funds to the new secure address.
- move your empty old key to the Archive category
Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.
|
|
|
|
TippingPoint
Legendary
Offline
Activity: 905
Merit: 1000
|
|
August 11, 2013, 05:12:49 PM |
|
a component of Android responsible for generating secure random numbers contains critical weaknesses
Thank you.
|
|
|
|
n4ru
|
|
August 11, 2013, 05:15:01 PM |
|
If an address is generated by a computer or other source, and then imported into a blockchain wallet, is it still vulnerable?
I ask because of change addresses.
|
|
|
|
Boelens
|
|
August 11, 2013, 05:16:20 PM |
|
If an address is generated by a computer or other source, and then imported into a blockchain wallet, is it still vulnerable?
I think only if it's generated by Android.
|
|
|
|
HeroC
Legendary
Offline
Activity: 858
Merit: 1000
|
|
August 11, 2013, 05:21:39 PM Last edit: August 11, 2013, 05:43:58 PM by HeroC |
|
Woah, I have 2 addresses with only 0.002 in them that I generated a year ago. Are they safe? What should I do?
I also imported a vanity address to blockchain.info. Is that safe? I only made one transaction out of it. I generated many other addresses through blockchain.info but never sent anything from them. Are they safe?
|
|
|
|
|
Xer0
|
|
August 11, 2013, 05:21:59 PM |
|
For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected. Don't get this... Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable?
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
August 11, 2013, 05:29:34 PM |
|
For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected. Don't get this... Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable? No matter when or where created if you SPENT BTC from an address using a wallet on an android device then the private key may be known. Try this: Basically every bitcoin transaction is signed in order to prove you have the private key and can transfer the funds. There is a bug in the secure random number generator on the android phones that causes it to sometimes use the same random number to sign a transaction. If you sign two different transactions with the same private key and the same random number then it is very easy to just calculate the private key from the two signatures.
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
elebit
|
|
August 11, 2013, 05:32:09 PM |
|
Could you please clarify:
1. Is this the same, or a different, issue from the one being discussed in the "Bad signatures" thread?
2. Is it absolutely and completely true that this is an Android issue, ie. hosted Blockchain.info wallets and other wallet software written in Java is not affected?
3. I generated my wallet keys off-device. Am I still vulnerable?
4. I generated my wallet keys on-device but have only received funds and not sent any, so no transactions were actually generated by the Android application. Am I still vulnerable?
5. If it turns out from any of the above two reasons that I am not vulnerable, will the update to Android Wallet specifically still rotate my wallet? There are probably a lot of wallets out there who would be greatly hurt by unnecessary transaction fees.
|
|
|
|
n4ru
|
|
August 11, 2013, 05:33:40 PM Last edit: August 11, 2013, 05:47:46 PM by n4ru |
|
So basically, Google pulled a Sony...
|
|
|
|
|