Mike Hearn



Offline



Activity: 1526

Merit: 1008







LegendaryActivity: 1526Merit: 1008 [ANNOUNCE] Android key rotation August 11, 2013, 04:19:13 PM

Last edit: August 23, 2013, 06:47:46 PM by theymos #1

Hash: SHA512



http://bitcoin.org/en/alert/2013-08-11-android



We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.



In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.



If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.



Updates for other wallet apps should be released shortly.



Some technical details of what exactly has gone wrong inside Android will be released once the upgrade process is reasonably compete. I will keep track of the upgrade status of each wallet app I know about in the post below.

-----BEGIN PGP SIGNATURE-----

Comment: GPGTools -



iQEcBAEBCgAGBQJSB7jRAAoJEPLkhhyZiIFvpk8IAI34L0HsEj5wztFl18jQxj74

svaY+eY1mwgWZjjyZlCRlP42B3u5zF2jlh2+taRgM9DaXlECqa3euGe+EmHWirTU

HTTNNg2ZFf7jvruUZ2tanl4Sv34/q/q8w81zL6uJAKK98ZBWuMQ9oPghW1erCAHv

Ke5eoLzGdnwpAN817SLGL2iUgwMpJLu7Jx2HEhF2Yz7Yl1+ScLHzlXSZP65BlpI7

lNeJweQsC0PHPnumde/UIRdcTQqhciY/0xM7HHyrrn00AW56vu4l+/Hb9Mr9rpds

Rx2UEvFXQ5KWX7e8E3+Wx2Rs/w5cYRwwsfzwWIYkoZaJ3ssaPaYAEr5YMO1bz24=

=AFBd

-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.Updates for other wallet apps should be released shortly.Some technical details of what exactly has gone wrong inside Android will be released once the upgrade process is reasonably compete. I will keep track of the upgrade status of each wallet app I know about in the post below.-----BEGIN PGP SIGNATURE-----Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJSB7jRAAoJEPLkhhyZiIFvpk8IAI34L0HsEj5wztFl18jQxj74svaY+eY1mwgWZjjyZlCRlP42B3u5zF2jlh2+taRgM9DaXlECqa3euGe+EmHWirTUHTTNNg2ZFf7jvruUZ2tanl4Sv34/q/q8w81zL6uJAKK98ZBWuMQ9oPghW1erCAHvKe5eoLzGdnwpAN817SLGL2iUgwMpJLu7Jx2HEhF2Yz7Yl1+ScLHzlXSZP65BlpI7lNeJweQsC0PHPnumde/UIRdcTQqhciY/0xM7HHyrrn00AW56vu4l+/Hb9Mr9rpdsRx2UEvFXQ5KWX7e8E3+Wx2Rs/w5cYRwwsfzwWIYkoZaJ3ssaPaYAEr5YMO1bz24==AFBd-----END PGP SIGNATURE-----

Mike Hearn



Offline



Activity: 1526

Merit: 1008







LegendaryActivity: 1526Merit: 1008 Re: [ANNOUNCE] Android key rotation August 11, 2013, 04:19:21 PM

Last edit: August 12, 2013, 07:24:01 PM by Mike Hearn #2



Bitcoin Wallet by Andreas Schildbach



An update has been prepared and is now rolling out on the play store. When you are notified, let the app update and the rest will happen automatically.



BitcoinSpinner / Mycelium Wallet



An update has been prepared for Mycelium Wallet and is being pushed out via the Play Store. If you use BitcoinSpinner you are encouraged to upgrade to Mycelium Wallet, which is maintained by the same people.



blockchain.info wallet



An update is on the Play Store that will walk you through the key rotation process when you open it. Upgrade immediately and follow the on screen instructions.





Please note that apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated or controlled by you at all.



Basic rule of thumb - if you'd lose the money if the phone/tablet were destroyed (assuming no backups), and that device is an Android device, then you need to upgrade ASAP.



For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.





I'd like to publicly thank Jean-Pierre Rupp (Xeno-Genesis on this forum) for bringing one of the vulnerabilities to our attention last week. His notification to us about the RSA paper started the effort needed to re-key peoples wallets. I'd also like to thank johoe and BurtW for their investigations into how peoples wallets were being compromised. Here are the rollout statuses of each wallet I'm aware of:An update has been prepared and is now rolling out on the play store. When you are notified, let the app update and the rest will happen automatically. Learn more An update has been prepared for Mycelium Wallet and is being pushed out via the Play Store. If you use BitcoinSpinner you are encouraged to upgrade to Mycelium Wallet, which is maintained by the same people.An update is on the Play Store that will walk you through the key rotation process when you open it. Upgrade immediately and follow the on screen instructions.Please note that apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated or controlled by you at all.Basic rule of thumb - if you'd lose the money if the phone/tablet were destroyed (assuming no backups), and that device is an Android device, then you need to upgrade ASAP.For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.I'd like to publicly thank Jean-Pierre Rupp (Xeno-Genesis on this forum) for bringing one of the vulnerabilities to our attention last week. His notification to us about the RSA paper started the effort needed to re-key peoples wallets. I'd also like to thank johoe and BurtW for their investigations into how peoples wallets were being compromised.

Dougie



Offline



Activity: 211

Merit: 100





You are not special.







Full MemberActivity: 211Merit: 100You are not special. Re: [ANNOUNCE] Android key rotation August 11, 2013, 04:50:16 PM

Last edit: August 14, 2013, 09:52:57 AM by Dougie #4 This is very useful information. Thanks for the announcement. Lurking since 2011...

1J4DhU3q6RxxCTfAAcg5ExVK6FfxkmzkTH

apetersson



Offline



Activity: 668

Merit: 501









Hero MemberActivity: 668Merit: 501 Re: [ANNOUNCE] Android key rotation August 11, 2013, 05:07:56 PM

Last edit: August 11, 2013, 08:42:46 PM by apetersson #11



if you download it from mycelium.com, you can check the sha1sum



Code: dba000cad4cbf94a7b4c621f57482322c0a96678 mbw-v0.6.5.apk



There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses.



generate a new key

backup this key (to sdcard or similar)

manually send funds to the new secure address.

move your empty old key to the Archive category

Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys. If you are using Mycelium Wallet, a fix has been published to the play store (still pending review) and to mycelium.comif you download it from mycelium.com, you can check the sha1sumThere will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses.Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.

HeroC



Offline



Activity: 860

Merit: 1000





GPG: FA122C1A | IRC: HeroCC







LegendaryActivity: 860Merit: 1000GPG: FA122C1A | IRC: HeroCC Re: [ANNOUNCE] Android key rotation August 11, 2013, 05:21:39 PM

Last edit: August 11, 2013, 05:43:58 PM by HeroC #15 Woah, I have 2 addresses with only 0.002 in them that I generated a year ago. Are they safe? What should I do?



I also imported a vanity address to blockchain.info. Is that safe? I only made one transaction out of it. I generated many other addresses through blockchain.info but never sent anything from them. Are they safe?

BurtW



Offline



Activity: 2604

Merit: 1078



All paid signature campaigns should be banned.







LegendaryActivity: 2604Merit: 1078All paid signature campaigns should be banned. Re: [ANNOUNCE] Android key rotation August 11, 2013, 05:29:34 PM #18 Quote from: Xer0 on August 11, 2013, 05:21:59 PM Quote from: Mike Hearn on August 11, 2013, 04:19:21 PM For blockchain.info wallets, even if the keys were generated on a desktop/laptop computer or iPhone, if any payments were made from an Android device, you are also affected. Likewise, if you have imported private keys from elsewhere into an Android wallet and made payments with it, you may also be affected.

Don't get this...

Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable?

Don't get this...Wallet created with Bitcoin-QT; imported to Blockchain, but created new Address in Browser - still vulnerable? may be known.



Try this:



Basically every bitcoin transaction is signed in order to prove you have the private key and can transfer the funds. There is a bug in the secure random number generator on the android phones that causes it to sometimes use the same random number to sign a transaction. If you sign two different transactions with the same private key and the same random number then it is very easy to just calculate the private key from the two signatures. No matter when or where created if you SPENT BTC from an address using a wallet on an android device then the private keybe known.Try this:Basically every bitcoin transaction is signed in order to prove you have the private key and can transfer the funds. There is a bug in the secure random number generator on the android phones that causes it to sometimes use the same random number to sign a transaction. If you sign two different transactions with the same private key and the same random number then it is very easy to just calculate the private key from the two signatures. Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!