Bitcoin Forum
November 15, 2024, 03:54:41 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Google PATCHES critical Android crypto flaw used in $5,700 Bitcoin heist  (Read 1227 times)
millsdmb (OP)
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
August 15, 2013, 02:36:51 AM
Last edit: August 15, 2013, 07:53:46 PM by millsdmb
 #1

Thought I'd share

http://arstechnica.com/security/2013/08/google-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist/

Hitler Finds out about the Butterfly Labs Monarch http://www.youtube.com/watch?v=4jYNMKdv36w
Get $10 worth of BTC Free when you buy $100 worth at coinbase.com/?r=51dffa8970f85a53bd000034
Chef Ramsay
Legendary
*
Offline Offline

Activity: 1568
Merit: 1001



View Profile
August 15, 2013, 03:58:30 AM
 #2

A friend of mine lost his 5 coins by having this android app and now he's spooked. Told him to play it safe and get a trezor for his computer.
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 3920
Merit: 2349


Eadem mutata resurgo


View Profile
August 15, 2013, 06:12:15 AM
 #3

google "crypto flaw" or google nsa back-door?

... guess we'll never know, they got laws for lying about stuff like that.

Kouye
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
August 15, 2013, 02:32:14 PM
 #4

Quote
Symantec researchers said in their blog post. "Since transactions are public on the Bitcoin network, attackers scanned the transaction block chain looking for these particular transactions to retrieve the private key and transfer funds from the Bitcoin wallet without the owner’s consent."

I wasn't aware Symantec was interested in bitcoin... There are actually a lot of related posts in their blogs. Shocked
Here is the one the article mentions.

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
millsdmb (OP)
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
August 15, 2013, 07:53:55 PM
 #5

UPDATED: they say it's patched.

http://biztechreport.co.uk/2013/08/google-fixes-android-bitcoin-theft-vulnerability/

Hitler Finds out about the Butterfly Labs Monarch http://www.youtube.com/watch?v=4jYNMKdv36w
Get $10 worth of BTC Free when you buy $100 worth at coinbase.com/?r=51dffa8970f85a53bd000034
threeip
Full Member
***
Offline Offline

Activity: 154
Merit: 100



View Profile WWW
August 15, 2013, 08:51:09 PM
 #6

Don't store coins on your phone etc etc

My Android wallet is safe, it moved my 0.007BTC for me...

ส็็็็็็็็็็็็็็็็็็็็็็็็็ GPG:2AFD99BB ಠ_ಠ mon
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 3920
Merit: 2349


Eadem mutata resurgo


View Profile
August 15, 2013, 10:10:18 PM
 #7

I'm wondering what commonly used code on Android has been accessing this "flawed" RNG ... e.g. TSL connections, banking apps?

Carlton Banks
Legendary
*
Offline Offline

Activity: 3430
Merit: 3080



View Profile
August 15, 2013, 10:37:04 PM
 #8

I'm wondering what commonly used code on Android has been accessing this "flawed" RNG ... e.g. TSL connections, banking apps?

Browser based SSL and TLS are apparently unaffected, only apps that access this specific (legacy) Apache crypto library have the problem, which presumably extends to apps other than the Bitcoin wallet coterie

Vires in numeris
notme
Legendary
*
Offline Offline

Activity: 1904
Merit: 1002


View Profile
August 15, 2013, 10:42:49 PM
 #9

A friend of mine lost his 5 coins by having this android app and now he's spooked. Told him to play it safe and get a trezor for his computer.

Any idea when Trezor will be released?  I can't find a date anywhere.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
threeip
Full Member
***
Offline Offline

Activity: 154
Merit: 100



View Profile WWW
August 15, 2013, 10:44:35 PM
 #10

A friend of mine lost his 5 coins by having this android app and now he's spooked. Told him to play it safe and get a trezor for his computer.

Any idea when Trezor will be released?  I can't find a date anywhere.

http://www.bitcointrezor.com/eshop/

Delivery est. October/November 2013

ส็็็็็็็็็็็็็็็็็็็็็็็็็ GPG:2AFD99BB ಠ_ಠ mon
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!