Applications using the random numbers for security could be compromised affecting millions of users.
Applications using the same function to generate random numbers for security could be compromised affecting millions of users British IT security firm MWR InfoSecurity has warned.
The comment was made after Android’s Bitcoin apps were targeted by a random number generation bug resulting in theft.
Ian Shaw, Managing Director of MWR InfoSecurity, said: “There appears to be a flaw in the SecureRandom function which is used to generate random numbers for security. There are more applications than just Bitcoin wallets that rely on this function for security so it is likely that we see more breaches like this in the future.”
“Normally, such issues appear due to mistakes in individual applications. This is a flaw found in an Android function, which is rarer and much more wide-reaching,” he warned.
Shaw added: “Because Bitcoin transactions are public and shared by design, it is a lot easier for an attacker to scan for those using a vulnerable client. They don’t need to attack the user directly as they have everything they need from the Blockchain, which is the database that holds information about all transactions.”
Shaw said that because these transactions were designed to be pseudo-anonymous and non-refundable, no support network, such as credit card Chargeback, had been put in place such to recover any losses.