Bitcoin Forum
March 28, 2024, 05:58:20 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 »  All
  Print  
Author Topic: [ANNOUNCE] Android key rotation  (Read 66319 times)
Mike Hearn (OP)
Legendary
*
Offline Offline

Activity: 1526
Merit: 1128


View Profile
August 11, 2013, 04:19:13 PM
Last edit: August 23, 2013, 06:47:46 PM by theymos
Merited by ABCbits (1)
 #1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

http://bitcoin.org/en/alert/2013-08-11-android

We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.

In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.

If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.

Updates for other wallet apps should be released shortly.

Some technical details of what exactly has gone wrong inside Android will be released once the upgrade process is reasonably compete. I will keep track of the upgrade status of each wallet app I know about in the post below.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJSB7jRAAoJEPLkhhyZiIFvpk8IAI34L0HsEj5wztFl18jQxj74
svaY+eY1mwgWZjjyZlCRlP42B3u5zF2jlh2+taRgM9DaXlECqa3euGe+EmHWirTU
HTTNNg2ZFf7jvruUZ2tanl4Sv34/q/q8w81zL6uJAKK98ZBWuMQ9oPghW1erCAHv
Ke5eoLzGdnwpAN817SLGL2iUgwMpJLu7Jx2HEhF2Yz7Yl1+ScLHzlXSZP65BlpI7
lNeJweQsC0PHPnumde/UIRdcTQqhciY/0xM7HHyrrn00AW56vu4l+/Hb9Mr9rpds
Rx2UEvFXQ5KWX7e8E3+Wx2Rs/w5cYRwwsfzwWIYkoZaJ3ssaPaYAEr5YMO1bz24=
=AFBd
-----END PGP SIGNATURE-----
1711605500
Hero Member
*
Offline Offline

Posts: 1711605500

View Profile Personal Message (Offline)

Ignore
1711605500
Reply with quote  #2

1711605500
Report to moderator
The Bitcoin network protocol was designed to be extremely flexible. It can be used to create timed transactions, escrow transactions, multi-signature transactions, etc. The current features of the client only hint at what will be possible in the future.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711605500
Hero Member
*
Offline Offline

Posts: 1711605500

View Profile Personal Message (Offline)

Ignore
1711605500
Reply with quote  #2

1711605500
Report to moderator
1711605500
Hero Member
*
Offline Offline

Posts: 1711605500

View Profile Personal Message (Offline)

Ignore
1711605500
Reply with quote  #2

1711605500
Report to moderator
1711605500
Hero Member
*
Offline Offline

Posts: 1711605500

View Profile Personal Message (Offline)

Ignore
1711605500
Reply with quote  #2

1711605500
Report to moderator
Mike Hearn (OP)
Legendary
*
Offline Offline

Activity: 1526
Merit: 1128


View Profile
August 11, 2013, 04:19:21 PM
Last edit: August 12, 2013, 07:24:01 PM by Mike Hearn
Merited by ABCbits (1)
 #2

Here are the rollout statuses of each wallet I'm aware of:

Bitcoin Wallet by Andreas Schildbach

An update has been prepared and is now rolling out on the play store. When you are notified, let the app update and the rest will happen automatically. Learn more.

BitcoinSpinner / Mycelium Wallet

An update has been prepared for Mycelium Wallet and is being pushed out via the Play Store. If you use BitcoinSpinner you are encouraged to upgrade to Mycelium Wallet, which is maintained by the same people.

blockchain.info wallet

An update is on the Play Store that will walk you through the key rotation process when you open it. Upgrade immediately and follow the on screen instructions.



Please note that apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated or controlled by you at all.

Basic rule of thumb - if you'd lose the money if the phone/tablet were destroyed (assuming no backups), and that device is an Android device, then you need to upgrade ASAP.

For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.



I'd like to publicly thank Jean-Pierre Rupp (Xeno-Genesis on this forum) for bringing one of the vulnerabilities to our attention last week. His notification to us about the RSA paper started the effort needed to re-key peoples wallets. I'd also like to thank johoe and BurtW for their investigations into how peoples wallets were being compromised.
beerbeerbeer
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
August 11, 2013, 04:45:00 PM
 #3

done and done, thanks to you and this community for such watchfulness and timeliness with these kinds of issues.
Dougie
Full Member
***
Offline Offline

Activity: 211
Merit: 100


You are not special.


View Profile
August 11, 2013, 04:50:16 PM
Last edit: August 14, 2013, 09:52:57 AM by Dougie
 #4

This is very useful information. Thanks for the announcement.

Lurking since 2011...
1J4DhU3q6RxxCTfAAcg5ExVK6FfxkmzkTH
DiamondCardz
Legendary
*
Offline Offline

Activity: 1134
Merit: 1105



View Profile WWW
August 11, 2013, 04:50:36 PM
 #5

Oh dear. Thanks for the update.

BA Computer Science, University of Oxford
Dissertation was about threat modelling on distributed ledgers.
Blindfolded
Full Member
***
Offline Offline

Activity: 156
Merit: 100



View Profile
August 11, 2013, 04:51:37 PM
 #6

Thanks for the heads up.
Boelens
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500



View Profile
August 11, 2013, 04:52:23 PM
 #7

Oh wow, I'm glad all the warnings are spreading so quickly, everyone has to be informed ASAP.
piotr_n
Legendary
*
Offline Offline

Activity: 2053
Merit: 1344


aka tonikt


View Profile WWW
August 11, 2013, 04:56:12 PM
 #8

done and done, thanks to you and this community for such watchfulness and timeliness with these kinds of issues.
You're joking, aren't you? Smiley

This post is over one month old, while this one over half a year...
Watchfulness my ass Smiley

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Boelens
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500



View Profile
August 11, 2013, 04:57:06 PM
 #9

Thank god I have an iPhone Smiley

I don't even have a smartphone ;P
E.Sam
Sr. Member
****
Offline Offline

Activity: 393
Merit: 250



View Profile WWW
August 11, 2013, 04:58:59 PM
 #10

Just wondering, would this affect Electrum as well?

http://electrum.org/android.html
apetersson
Hero Member
*****
Offline Offline

Activity: 668
Merit: 501



View Profile
August 11, 2013, 05:07:56 PM
Last edit: August 11, 2013, 08:42:46 PM by apetersson
 #11

If you are using Mycelium Wallet, a fix has been published to the play store (still pending review) and to mycelium.com

if you download it from mycelium.com, you can check the sha1sum

Code:
dba000cad4cbf94a7b4c621f57482322c0a96678  mbw-v0.6.5.apk

There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses.

  • generate a new key
  • backup this key (to sdcard or similar)
  • manually send funds to the new secure address.
  • move your empty old key to the Archive category

Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.
TippingPoint
Legendary
*
Offline Offline

Activity: 905
Merit: 1000



View Profile
August 11, 2013, 05:12:49 PM
 #12

a component of Android responsible for generating secure random numbers contains critical weaknesses

Thank you.
n4ru
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250



View Profile
August 11, 2013, 05:15:01 PM
 #13

If an address is generated by a computer or other source, and then imported into a blockchain wallet, is it still vulnerable?

I ask because of change addresses.
Boelens
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500



View Profile
August 11, 2013, 05:16:20 PM
 #14

If an address is generated by a computer or other source, and then imported into a blockchain wallet, is it still vulnerable?

I think only if it's generated by Android.
HeroC
Legendary
*
Offline Offline

Activity: 858
Merit: 1000



View Profile
August 11, 2013, 05:21:39 PM
Last edit: August 11, 2013, 05:43:58 PM by HeroC
 #15

Woah, I have 2 addresses with only 0.002 in them that I generated a year ago. Are they safe? What should I do?

I also imported a vanity address to blockchain.info. Is that safe? I only made one transaction out of it. I generated many other addresses through blockchain.info but never sent anything from them. Are they safe?
Mike Hearn (OP)
Legendary
*
Offline Offline

Activity: 1526
Merit: 1128


View Profile
August 11, 2013, 05:21:51 PM
 #16

Because Bitcoin transactions require random numbers to create, if you generated spends with an imported key from Android then the key itself may be compromised, but this isn't a given, see here:

http://www.reddit.com/r/Bitcoin/comments/1k51dh/bad_signatures_leading_to_558_btc_theft_so_far/cblgtut

Xer0
Hero Member
*****
Offline Offline

Activity: 826
Merit: 1000


°^°


View Profile
August 11, 2013, 05:21:59 PM
 #17

For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.

Don't get this...
Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable?
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1129

All paid signature campaigns should be banned.


View Profile WWW
August 11, 2013, 05:29:34 PM
 #18

For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.

Don't get this...
Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable?
No matter when or where created if you SPENT BTC from an address using a wallet on an android device then the private key may be known.

Try this:

Basically every bitcoin transaction is signed in order to prove you have the private key and can transfer the funds.  There is a bug in the secure random number generator on the android phones that causes it to sometimes use the same random number to sign a transaction.  If you sign two different transactions with the same private key and the same random number then it is very easy to just calculate the private key from the two signatures.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
elebit
Sr. Member
****
Offline Offline

Activity: 441
Merit: 250


View Profile
August 11, 2013, 05:32:09 PM
 #19

Could you please clarify:

1. Is this the same, or a different, issue from the one being discussed in the "Bad signatures" thread?

2. Is it absolutely and completely true that this is an Android issue, ie. hosted Blockchain.info wallets and other wallet software written in Java is not affected?

3. I generated my wallet keys off-device. Am I still vulnerable?

4. I generated my wallet keys on-device but have only received funds and not sent any, so no transactions were actually generated by the Android application. Am I still vulnerable?

5. If it turns out from any of the above two reasons that I am not vulnerable, will the update to Android Wallet specifically still rotate my wallet? There are probably a lot of wallets out there who would be greatly hurt by unnecessary transaction fees.
n4ru
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250



View Profile
August 11, 2013, 05:33:40 PM
Last edit: August 11, 2013, 05:47:46 PM by n4ru
 #20

So basically, Google pulled a Sony...

Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!