http://www.v3.co.uk/v3-uk/news/2288778/android-securerandom-bitcoin-wallet-vulnerability-could-be-used-to-hack-more-than-300-000-apps
By Alastair Stevenson
V3.co.uk
14 Aug 2013
A flaw in Google Android's cryptographic protocols is leaving as many as
360,000 applications open to attack, Symantec claims.
The security firm announced the figure in a blog post, claiming that the
vulnerability, announced by Bitcoin earlier this week, may have wider
implications.
"Certain Bitcoin wallet applications using Android's SecureRandom signed
multiple transactions using an identical 'random' number. Since transactions
are public on the Bitcoin network, attackers scanned the transaction block
chain looking for these particular transactions to retrieve the private key and
transfer funds from the Bitcoin wallet without the owner's consent," read the
Symantec blog post.
"Other Android apps may be vulnerable to similar attacks depending on how they
implement SecureRandom. Looking at Norton Mobile Insight data, we have found
over 360,000 applications that make use of SecureRandom and over 320,000 of
them use SecureRandom in the same way the Bitcoin wallets did."
[...]
--
Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days
http://www.hotinfosecjobs.com/
