Android vulnerability hits Bitcoin apps and more

When a random number is not so random, security pays the price

Android users of Bitcoin are being advised to upgrade their apps and re-secure their wallets after the discovering of a weakness in a component of the operating system responsible for generating secure random numbers. The weakness also affects some secure communication networks, and renders users vulnerable to theft of their digital currency.

The weakness lies with the Android implementation of a piece of code which is supposed to spit out purely random numbers. Instead of working as it should, the numbers it produces aren’t as random as they seem. These numbers are used by Bitcoin users as the public and private keys in the series of mathematical problems which makes up the “blockchain”, the record of transactions. If they are slightly predictable, then as a result, it is theoretically possible to work out someone’s private key from the public signatures they post, and steal money contained in the wallet.

The vulnerability was highlighted by developer Mike Hearn, who created the Bitcoin Wallet app. That app has since been updated, as have Mycelium Wallet and blockchain.info, two other popular wallet apps for Android. Bitcoin.org, a key website for the decentralised development community, advises users to “rotate” their keys. “This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself”, they write. “Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.”

However, the weakness in the random number generator has the potential to affect more than just bitcoin apps. Any app which relies on the generator for security is at risk, particularly if the programme requires a public and a private key. The nature of the flaw makes it overly easy to determine a private key if given a public key generated around the same time; as a result, any app which uses a form of public key cryptography, where the security of the encrypted content relies on the public and private keys being unrelated, is at risk if those keys were generated using the faulty generator.

In practice, though, the Bitcoin community is at the most risk here. It's one of the few situations where a public key is very public indeed, and the rewards for cracking it are so immediate that if people can try, they will. But it's hardly a mortal wound; the apps can be updated, and wallets resecured. If Bitcoin is really in danger, it comes from a source which many advocates of the digital money are celebrating. Earlier this month, a Texas court officially declared Bitcoin a "currency" in order to take action against a man accused of running a Bitcoin Ponzi scheme. What sounds like much-needed mainstream recognition is actually a double-edged sword, though. As a currency, it is now fair game for regulators. And sure enough, the New York Department of Financial Services is looking into the "Wild West for narcotraffickers and other criminals". Bitcoin will shortly need to grow up or shut up, it seems.

Photograph: Bitcoin.org

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Show Hide image

Will Euroscepticism prove an unbeatable advantage in the Conservative leadership race?

Conservative members who are eager for Brexit are still searching for a heavyweight champion - and they could yet inherit the earth.

Put your money on Liam Fox? The former Defence Secretary has been given a boost by the news that ConservativeHome’s rolling survey of party members preferences for the next Conservative leader. Jeremy Wilson at BusinessInsider and James Millar at the Sunday Post have both tipped Fox for the top job.

Are they right? The expectation among Conservative MPs is that there will be several candidates from the Tory right: Dominic Raab, Priti Patel and potentially Owen Paterson could all be candidates, while Boris Johnson, in the words of one: “rides both horses – is he the candidate of the left, of the right, or both?”

MPs will whittle down the field of candidates to a top two, who will then be voted on by the membership.  (As Graham Brady, chair of the 1922 Committee, notes in his interview with my colleague George Eaton, Conservative MPs could choose to offer a wider field if they so desired, but would be unlikely to surrender more power to party activists.)

The extreme likelihood is that that contest will be between two candidates: George Osborne and not-George Osborne.  “We know that the Chancellor has a bye to the final,” one minister observes, “But once you’re in the final – well, then it’s anyone’s game.”

Could “not-George Osborne” be Liam Fox? Well, the difficulty, as one MP observes, is we don’t really know what the Conservative leadership election is about:

“We don’t even know what the questions are to which the candidates will attempt to present themselves as the answer. Usually, that question would be: who can win us the election? But now that Labour have Corbyn, that question is taken care of.”

So what’s the question that MPs will be asking? We simply don’t know – and it may be that they come to a very different conclusion to their members, just as in 2001, when Ken Clarke won among MPs – before being defeated in a landslide by Conservative activists.

Much depends not only on the outcome of the European referendum, but also on its conduct. If the contest is particularly bruising, it may be that MPs are looking for a candidate who will “heal and settle”, in the words of one. That would disadvantage Fox, who will likely be a combative presence in the European referendum, and could benefit Boris Johnson, who, as one MP put it, “rides both horses” and will be less intimately linked with the referendum and its outcome than Osborne.

But equally, it could be that Euroscepticism proves to be a less powerful card than we currently expect. Ignoring the not inconsiderable organisational hurdles that have to be cleared to beat Theresa May, Boris Johnson, and potentially any or all of the “next generation” of Sajid Javid, Nicky Morgan or Stephen Crabb, we simply don’t know what the reaction of Conservative members to the In-Out referendum will be.

Firstly, there’s a non-trivial possibility that Leave could still win, despite its difficulties at centre-forward. The incentive to “reward” an Outer will be smaller. But if Britain votes to Remain – and if that vote is seen by Conservative members as the result of “dirty tricks” by the Conservative leadership – it could be that many members, far from sticking around for another three to four years to vote in the election, simply decide to leave. The last time that Cameron went against the dearest instincts of many of his party grassroots, the result was victory for the Prime Minister – and an activist base that, as the result of defections to Ukip and cancelled membership fees, is more socially liberal and more sympathetic to Cameron than it was before. Don’t forget that, for all the worry about “entryism” in the Labour leadership, it was “exitism” – of Labour members who supported David Miliband and liked the New Labour years  - that shifted that party towards Jeremy Corbyn.

It could be that if – as Brady predicts in this week’s New Statesman – the final two is an Inner and an Outer, the Eurosceptic candidate finds that the members who might have backed them are simply no longer around.

It comes back to the biggest known unknown in the race to succeed Cameron: Conservative members. For the first time in British political history, a Prime Minister will be chosen, not by MPs with an electoral mandate of their own or by voters at a general election but by an entirelyself-selecting group: party members. And we simply don't know enough about what they feel - yet. 

Stephen Bush is editor of the Staggers, the New Statesman’s political blog. He usually writes about politics.