forked from ripper2345/bitcoin.github.com
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathandroid.html
More file actions
249 lines (146 loc) · 10.6 KB
/
android.html
File metadata and controls
249 lines (146 loc) · 10.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
<!DOCTYPE HTML>
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta property="og:image" content="https://bitcoin.org/img/opengraph.png" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
<title>Android Security Vulnerability</title>
<link rel="stylesheet" type="text/css" href="/a029ec6be4a42b1ffb2e134cb4040f2f.css" />
<!--[if lt IE 8]><link rel="stylesheet" type="text/css" href="/efc702a0aa79a2cda69eebe4befd4c11.css" /><script type="text/javascript" src="/js/ie.js"></script><![endif]-->
<script type="text/javascript" src="/js/main.js?1400954556"></script>
<link rel="shortcut icon" href="/favicon.png">
<link rel="apple-touch-icon-precomposed" href="/img/logo_ios.png"/>
</head>
<body>
<div id="detectmobile" class="detectmobile"></div>
<div class="head"><div>
<ul class="lang">
<li><a href="#" onclick="return false;">English</a>
<ul>
<li><ul>
<li><a href="/id/">Bahasa Indonesia</a></li>
<li><a href="/da/">Dansk</a></li>
<li><a href="/de/">Deutsch</a></li>
<li><a href="/en/" class="active">English</a></li>
<li><a href="/es/">Español</a></li>
<li><a href="/fr/">Français</a></li>
<li><a href="/it/">Italiano</a></li>
<li><a href="/hu/">magyar</a></li>
<li><a href="/nl/">Nederlands</a></li>
<li><a href="/pl/">polski</a></li>
<li><a href="/pt_BR/">Português Brasil</a></li>
<li><a href="/ro/">română</a></li>
<li><a href="/sl/">slovenščina</a></li>
</ul></li><li><ul>
<li><a href="/sv/">Svenska</a></li>
<li><a href="/tr/">Türkçe</a></li>
<li><a href="/bg/">български</a></li>
<li><a href="/ru/">Русский</a></li>
<li><a href="/ar/">العربية</a></li>
<li><a href="/fa/">فارسی</a></li>
<li><a href="/hi/">हिन्दी</a></li>
<li><a href="/ko/">한국의</a></li>
<li><a href="/ja/">日本語</a></li>
<li><a href="/zh_CN/">简体中文</a></li>
<li><a href="/zh_TW/">繁體中文</a></li>
</ul></li>
</ul>
</li>
</ul>
<a class="logo" href="/en/"><img src="/img/logotop.svg" alt="Bitcoin"></a>
<a id="menumobile" class="menumobile" onclick="mobileMenuShow(event);" href="#"></a>
<div id="langselect" class="langselect"><select onchange="window.location=this.value;">
<option value="/id/">Bahasa Indonesia</option>
<option value="/da/">Dansk</option>
<option value="/de/">Deutsch</option>
<option value="/en/" selected="selected">English</option>
<option value="/es/">Español</option>
<option value="/fr/">Français</option>
<option value="/it/">Italiano</option>
<option value="/hu/">magyar</option>
<option value="/nl/">Nederlands</option>
<option value="/pl/">polski</option>
<option value="/pt_BR/">Português Brasil</option>
<option value="/ro/">română</option>
<option value="/sl/">slovenščina</option>
<option value="/sv/">Svenska</option>
<option value="/tr/">Türkçe</option>
<option value="/bg/">български</option>
<option value="/ru/">Русский</option>
<option value="/ar/">العربية</option>
<option value="/fa/">فارسی</option>
<option value="/hi/">हिन्दी</option>
<option value="/ko/">한국의</option>
<option value="/ja/">日本語</option>
<option value="/zh_CN/">简体中文</option>
<option value="/zh_TW/">繁體中文</option>
</select></div>
<ul id="menusimple" class="menusimple" onclick="mobileMenuHover(event);">
<li><a href="#" onclick="return false;">Introduction</a>
<ul>
<li><a href="/en/bitcoin-for-individuals">Individuals</a></li>
<li><a href="/en/bitcoin-for-businesses">Businesses</a></li>
<li><a href="/en/bitcoin-for-developers">Developers</a></li>
<li><a href="/en/getting-started">Getting started</a></li>
<li><a href="/en/how-it-works">How it works</a></li>
<li><a href="/en/you-need-to-know">You need to know</a></li>
</ul>
</li>
<li><a href="#" onclick="return false;">Resources</a>
<ul>
<li><a href="/en/resources">Resources</a></li>
<li><a href="/en/community">Community</a></li>
<li><a href="/en/developer-documentation">Documentation</a></li>
<li><a href="/en/development">Development</a></li>
<li><a href="/en/vocabulary">Vocabulary</a></li>
<li><a href="/en/events">Events</a></li>
<li><a href="/en/press">Press</a></li>
</ul>
</li>
<li><a href="/en/innovation">Innovation</a></li>
<li><a href="/en/support-bitcoin">Participate</a></li>
<li><a href="/en/faq">FAQ</a></li>
</ul>
</div></div>
<div class="body">
<div id="content" class="content">
<script>window.location.href='/en/alert/2013-08-11-android';</script>
<link rel="canonical" href="https://bitcoin.org/en/alert/2013-08-11-android"/>
<link rel="alternate" type="application/rss+xml" href="/en/rss/alerts.rss" title="Bitcoin network status and alerts">
<div class="alerttext">
<h1>Android Security Vulnerability<br><small>11 August 2013</small></h1>
<h2>What happened</h2>
<p>We recently learned that a component of Android responsible for generating secure random numbers contains <a href="http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html">critical weaknesses</a>, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be <a href="https://play.google.com/store/apps/details?id=de.schildbach.wallet">Bitcoin Wallet</a>, <a href="https://play.google.com/store/apps/details?id=piuk.blockchain.android">blockchain.info</a> wallet, <a href="https://play.google.com/store/apps/details?id=com.miracleas.bitcoin_spinner">BitcoinSpinner</a> and <a href="https://play.google.com/store/apps/details?id=com.mycelium.wallet">Mycelium Wallet</a>. Apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone.</p>
<h2>What has been done</h2>
<p>Updates have been prepared for the following wallet apps:</p>
<ul>
<li><b><a href="https://play.google.com/store/apps/details?id=de.schildbach.wallet">Bitcoin Wallet</a></b>: Update 3.15 can be installed from <a href="https://play.google.com/store/apps/details?id=de.schildbach.wallet">Google Play</a> or <a href="http://code.google.com/p/bitcoin-wallet/downloads/list">Google Code</a>. Key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.</li>
<li><b><a href="https://play.google.com/store/apps/details?id=com.miracleas.bitcoin_spinner">BitcoinSpinner</a></b>: Update 0.8.3b can be installed from <a href="https://play.google.com/store/apps/details?id=com.miracleas.bitcoin_spinner">Google Play</a> or <a href="https://code.google.com/p/bitcoinspinner/downloads/list">Google Code</a>. On startup it will advise you on how to proceed.</li>
<li><b><a href="https://play.google.com/store/apps/details?id=com.mycelium.wallet">Mycelium Bitcoin Wallet</a></b>: Update 0.7.0 can be installed from <a href="https://play.google.com/store/apps/details?id=com.mycelium.wallet">Google Play</a> or <a href="http://mycelium.com/">mycelium.com</a>. A wizard will guide you through the process of moving your bitcoins to newly generated addresses, and put the old keys into archive mode.</li>
<li><b><a href="https://play.google.com/store/apps/details?id=piuk.blockchain.android">blockchain.info</a></b>: Update 3.54 can be installed from <a href="https://play.google.com/store/apps/details?id=piuk.blockchain.android">Google Play</a>. Version 3.54 and above includes an automatic re-keying wizard. Simply update to the latest version and follow the onscreen instructions. Please make a fresh wallet backup after the process completes.</li>
</ul>
<h2>What you should do</h2>
<p>In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommend you to upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.</p>
<p>If you can't update your Android app, alternatively, you can send your bitcoins to a Bitcoin wallet on your computer until your
Android app can be updated. You should make sure not to send back your bitcoins to your old insecure addresses.</p>
<div style="text-align:right">
<i>This notice last updated: Tue, 13 Aug 2013 13:51:00 UTC</i>
</div>
</div>
<a href="/en/alerts">Go back to the network alerts history</a>
</div>
<div class="footer">
<div class="footermenu">
<a href="/en/alerts">Network Status</a>
<a href="/en/legal">Legal</a>
<a href="/en/about-us">About bitcoin.org</a>
</div>
<span>© Bitcoin Project 2009-2014 Released under the <a href="http://opensource.org/licenses/mit-license.php" target="_blank">MIT license</a></span>
</div>
</div>
<div class="sponsor-banner">
<div><span>A community website sponsored by</span> <a href="https://bitcoinfoundation.org/"><img src="/img/brand/bitcoinfoundation.png" alt="Bitcoin Foundation"></a></div>
</div>
<script type="text/javascript">fallbackSVG();</script>
</body>
</html>