Correspondent for IDG Jeremy Kirk (@Jeremy_Kirk) published a report providing an update on the security vulnerability affecting nearly all mobile Bitcoin wallet apps for Android. Excerpts:
“Four Android Bitcoin clients — Bitcoin Wallet, Blockchain, Mycelium Bitcoin Wallet and BitcoinSpinner — have been fixed, according to an updated notice on Bitcoin.org.”
“In some cases, the supposedly random numbers were the same for different transactions, which could allow an attacker to determine someone’s private key and steal their bitcoins.”
“Tens of thousands of other [non Bitcoin-related] Android applications may be vulnerable, Symantec wrote. The company found more than 360,000 applications that use the SecureRandom class in the same way as the affected Bitcoin applications.”
“Symantec noted that applications running on Android version 4.2 and up may not be affected […]”.