Android vulnerability hits Bitcoin apps and more

When a random number is not so random, security pays the price

Android users of Bitcoin are being advised to upgrade their apps and re-secure their wallets after the discovery of a weakness in a component of the operating system responsible for generating secure random numbers. The weakness also affects some secure communication networks, and renders users vulnerable to theft of their digital currency.

The weakness lies with the Android implementation of a piece of code which is supposed to spit out purely random numbers. Instead of working as it should, it produces numbers that aren’t as random as they seem. These numbers are used by Bitcoin users as the public and private keys in the series of mathematical problems which makes up the “blockchain”, the record of transactions. If they are slightly predictable, it is theoretically possible to work out someone’s private key from the public signatures they post, and steal money contained in the wallet.
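One observable symptom of a random number generator repeating itself in ECDSA, the signature scheme Bitcoin uses, is two signatures from the same key sharing the same `r` value. The check below is an added example, not code from the article or from any wallet project; it assumes DER-encoded signatures with the trailing sighash byte already stripped, and every key label, transaction label and value in `SAMPLE` is constructed.

```python
from collections import defaultdict


def parse_der_signature(sig: bytes) -> tuple[int, int]:
    """Parse a DER-encoded ECDSA signature (SEQUENCE of two INTEGERs) into (r, s)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the expected length")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected DER INTEGER")
        length = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + length]
        if length == 0 or len(body) != length:
            raise ValueError("truncated INTEGER")
        values.append(int.from_bytes(body, "big"))
        pos += 2 + length
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return values[0], values[1]


def find_reused_r(signatures):
    """Return {(pubkey, r): [txid, ...]} for each r one key used more than once."""
    seen = defaultdict(list)
    for pubkey, txid, der in signatures:
        r, _s = parse_der_signature(der)
        seen[(pubkey, r)].append(txid)
    return {key: txids for key, txids in seen.items() if len(txids) > 1}


def der_encode(r: int, s: int) -> bytes:
    """Helper for building the constructed sample signatures below."""
    def enc(n: int) -> bytes:
        b = n.to_bytes((n.bit_length() + 8) // 8, "big")  # 0x00 pad if high bit set
        return b"\x02" + bytes([len(b)]) + b
    body = enc(r) + enc(s)
    return b"\x30" + bytes([len(body)]) + body


# Constructed sample: (public key label, transaction label, DER signature).
SAMPLE = [
    ("pubkey-A", "tx-1", der_encode(0xC0FFEE, 0x1111)),
    ("pubkey-A", "tx-2", der_encode(0xC0FFEE, 0x2222)),  # same r as tx-1
    ("pubkey-A", "tx-3", der_encode(0xBEEF, 0x3333)),
    ("pubkey-B", "tx-4", der_encode(0xC0FFEE, 0x4444)),  # different key
]

if __name__ == "__main__":
    print(find_reused_r(SAMPLE))
```

Any key the check flags should be treated as exposed and its funds moved to a freshly generated address.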

The vulnerability was highlighted by developer Mike Hearn, who created the Bitcoin Wallet app. That app has since been updated, as have Mycelium Wallet and blockchain.info, two other popular wallet apps for Android. Bitcoin.org, a key website for the decentralised development community, advises users to “rotate” their keys. “This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself”, they write. “Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.”

However, the weakness in the random number generator has the potential to affect more than just bitcoin apps. Any app which relies on the generator for security is at risk, particularly if the programme requires a public and a private key. The nature of the flaw makes it too easy to determine a private key if given a public key generated around the same time; as a result, any app which uses a form of public key cryptography, where the security of the encrypted content relies on the public and private keys being unrelated, is at risk if those keys were generated using the faulty generator.

In practice, though, the Bitcoin community is most at risk here. It's one of the few situations where a public key is very public indeed, and the rewards for cracking it are so immediate that if people can try, they will. But it's hardly a mortal wound; the apps can be updated, and wallets re-secured. If Bitcoin is really in danger, it comes from a source which many advocates of the digital money are celebrating. Earlier this month, a Texas court officially declared Bitcoin a "currency" in order to take action against a man accused of running a Bitcoin Ponzi scheme. What sounds like much-needed mainstream recognition is actually a double-edged sword, though. As a currency, it is now fair game for regulators. And sure enough, the New York Department of Financial Services is looking into the "Wild West for narcotraffickers and other criminals". Bitcoin will shortly need to grow up or shut up, it seems.

Photograph: Bitcoin.org

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Chuka Umunna speaks at the launch of Labour's education manifesto during the general election. Photograph: Getty Images.

After so badly misjudging the leadership contest, how will the Blairites handle Corbyn?

The left-winger's opponents are divided between conciliation and aggression. 

When Labour lost the general election in May, the party’s modernisers sensed an opportunity. Ed Miliband, one of the most left-wing members of the shadow cabinet, had been unambiguously rejected and the Tories had achieved their first majority in 23 years. More than any other section of the party, the Blairites could claim to have foreseen such an outcome. Surely the pendulum would swing their way?

Yet now, as Labour’s leadership contest reaches its denouement, those on the right are asking themselves how they misjudged the landscape so badly. Their chosen candidate, Liz Kendall, is expected to finish a poor fourth and the party is poised to elect Jeremy Corbyn, the most left-wing leader in its 115-year history. For a faction that never ceases to underline the importance of winning elections, it will be a humbling result.

Though the crash has been sudden, the Blairites have long been in decline. Gordon Brown won the leadership unchallenged and senior figures such as John Reid, James Purnell and Alan Milburn chose to depart from the stage rather than fight on. In 2010, David Miliband, the front-runner in the leadership election, lost to his brother after stubbornly refusing to distance himself from the Iraq war and alienating undecided MPs with his imperiousness.

When the younger Miliband lost, the modernisers moved fast – too fast. “They’re behaving like family members taking jewellery off a corpse,” a rival campaign source told me on 9 May. Many Labour supporters agreed. The rush of op-eds and media interviews antagonised a membership that wanted to grieve in peace. The modernising contenders – Chuka Umunna, Liz Kendall, Mary Creagh, Tristram Hunt – gave the impression that the Blairites wanted to drown out all other voices. “It was a huge mistake for so many players from that wing of the party to be put into the field,” a shadow cabinet minister told me. “In 1994, forces from the soft left to the modernising right united around Tony Blair. The lesson is never again can we have multiple candidates.”

While conducting their post-mortem, the Blairites are grappling with the question of how to handle Corbyn. For some, the answer is simple. “There shouldn’t be an accommodation with Corbyn,” John McTernan, Blair’s former director of political operations, told me. “Corbyn is a disaster and he should be allowed to be his own disaster.” But most now adopt a more conciliatory tone. John Woodcock, the chair of Progress, told me: “If he wins, he will be the democratically elected leader and I don’t think there will be any serious attempt to actually depose him or to make it impossible for him to lead.”

Umunna, who earlier rebuked his party for “behaving like a petulant child”, has emphasised that MPs “must accept the result of our contest when it comes and support our new leader in developing an agenda that can return Labour to office”. The shadow business secretary even suggests that he would be prepared to discuss serving in Corbyn’s shadow cabinet if he changed his stances on issues such as nuclear disarmament, Nato, the EU and taxation. Were Umunna, a former leadership contender, to adopt a policy of aggression, he would risk being blamed should Corbyn fail.

Suggestions that the new parliamentary group Labour for the Common Good represents “the resistance” are therefore derided by those close to it. The organisation, which was launched by Umunna and Hunt before Corbyn’s surge, is aimed instead at ensuring the intellectual renewal that modernisers acknowledge has been absent since 2007. It will also try to unite the party’s disparate mainstream factions: the Blairites, the Brownites, the soft left, the old right and Blue Labour. The ascent of Corbyn, who has the declared support of just 15 MPs (6.5 per cent of the party), has persuaded many that they cannot afford the narcissism of small differences. “We need to start working together and not knocking lumps out of each other,” Woodcock says. There will be no defections, no SDP Mk II. “Jeremy’s supporters really underestimate how Labour to the core the modernisers are,” Pat McFadden, the shadow Europe minister, told me.

Although they will not change their party, the Blairites are also not prepared to change their views. “Those of us on this side of Labour are always accused of being willing to sell out for power,” a senior moderniser told me. “Well, we do have political principles and they’re not up for bartering.” He continued: “Jeremy Corbyn is not a moderate . . . He’s an unreconstructed Bennite who regards the British army as morally equivalent to the IRA. I’m not working with that.”

Most MPs believe that Corbyn will fail but they are divided on when. McFadden has predicted that the left-winger “may even get a poll bounce in the short term, because he’s new and thinking differently”. A member of the shadow cabinet suggested that Labour could eventually fall to as low as 15 per cent in the polls and lose hundreds of councillors.

The challenge for the Blairites is to reboot themselves in time to appear to be an attractive alternative if and when Corbyn falters. Some draw hope from the performance of Tessa Jowell, who they still believe will win the London mayoral selection. “I’ve spoken to people who are voting enthusiastically both for Jeremy and for Tessa,” Wes Streeting, the newly elected MP for Ilford North, said. “They have both run very optimistic, hopeful, positive campaigns.”

But if Corbyn falls, it does not follow that the modernisers will rise. “The question is: how do we stop it happening again if he does go?” a senior frontbencher said. “He’s got no interest or incentive to change the voting method. We could lose nurse and end up with something worse.” If the road back to power is long for Labour, it is longest of all for the Blairites. 

George Eaton is political editor of the New Statesman.

This article first appeared in the 03 September 2015 issue of the New Statesman, Pope of the masses