Google recognizes dangerous bug in crypto module Android




The security team at Google acknowledge that Android contains vulnerabilities in the pseudo random number generator of the Java Cryptography Architecture. Using an exploit would all Bitcoins are robbed. Hundreds of thousands of apps, the bug may contain.

Android developer Alex Klyubin describes on the Android Developers Blog vulnerabilities in the Java Cryptography Architecture. The randomiserfuncties in the Secure Random class would generate sufficient strong random values, while these are necessary for tasks such as key generation and signing files. Also called OpenSSL PRNG module in Android would be vulnerable. The problems arise in Android 4.2 and all previous versions of Google’s mobile operating system.

The bugs in cryptography components are found after criminals scanned cryptographic keys by Bitcoin apps on Android were generated. The scanning work was carried out in the so-called block chain, wherein all Bitcoin-transactions to be processed continuously. This would allow criminals Bitcoins from the wallets of some users have been able to steal .

Klyubin states that there are now patches which apps are made in a safe manner to generate random numbers. The patches are delivered to Android manufacturers. Furthermore, Klyubin to Android developers some clues how to adapt. Their apps Symantec warns that perhaps hundreds of thousands of apps vulnerable because of the bugs in Secure Random.


Tags: ,

In: Technology & Gadgets Asked By: [15536 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »