---
title: "Android Security Vulnerability"
active: true
alias: "android"
banner: ""
---

<h2>What happened</h2>
<p>We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, it will affect you if you have a wallet generated by any Android app. An incomplete list of affected apps includes <a href="https://play.google.com/store/apps/details?id=de.schildbach.wallet">Bitcoin Wallet</a>, the <a href="https://play.google.com/store/apps/details?id=piuk.blockchain.android">blockchain.info</a> wallet, <a href="https://play.google.com/store/apps/details?id=com.miracleas.bitcoin_spinner">BitcoinSpinner</a> and <a href="https://play.google.com/store/apps/details?id=com.mycelium.wallet">Mycelium Wallet</a>. Apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone.</p>
<h2>What is being done</h2>
<p>Updates are being prepared for the following wallet apps:</p>
<ul>
<li><b><a href="https://play.google.com/store/apps/details?id=de.schildbach.wallet">Bitcoin Wallet</a></b>: Update 3.15 can be installed from <a href="https://play.google.com/store/apps/details?id=de.schildbach.wallet">Google Play</a> or <a href="http://code.google.com/p/bitcoin-wallet/downloads/list">Google Code</a>. Key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.</li>
<li><b><a href="https://play.google.com/store/apps/details?id=com.miracleas.bitcoin_spinner">BitcoinSpinner</a></b>: BitcoinSpinner users are encouraged to upgrade to <a href="https://play.google.com/store/apps/details?id=com.mycelium.wallet">Mycelium Wallet</a>, from the same developers.</li>
<li><b><a href="https://play.google.com/store/apps/details?id=com.mycelium.wallet">Mycelium Bitcoin Wallet</a></b>: Update 0.7.0 can be installed from <a href="https://play.google.com/store/apps/details?id=com.mycelium.wallet">Google Play</a> or <a href="http://mycelium.com/">mycelium.com</a>. A wizard will guide you through the process of moving your bitcoins to newly generated addresses, and put the old keys into archive mode.</li>
<li><b><a href="https://play.google.com/store/apps/details?id=piuk.blockchain.android">blockchain.info</a></b>: Update 3.52 can be installed from <a href="https://play.google.com/store/apps/details?id=piuk.blockchain.android">Google Play</a>. This update requires you to create a new Bitcoin address and move all of your funds to this address manually. Another update is being prepared to handle this process automatically.</li>
</ul>
<h2>What you should do</h2>
<p>In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet, we strongly recommend that you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.</p>
<p>If you can't update your Android app, you can instead send your bitcoins to a Bitcoin wallet on your computer until your Android app can be updated. You should make sure not to send your bitcoins back to your old insecure addresses.</p>
<div style="text-align:right">
<i>This notice last updated: Mon, 12 Aug 2013 15:51:00 UTC</i>
</div>