News
MWR InfoSecurity: Expect more breaches like Bitcoin in the future
August 2013 by MWR InfoSecurity
Applications using the same function to generate random numbers for security could
be compromised affecting millions of users British IT security firm MWR InfoSecurity
has warned.
The comment was made after Android’s Bitcoin apps were targeted by a random
number generation bug resulting in theft.
Ian Shaw, Managing Director of MWR InfoSecurity, said: “There appears to be a
flaw in the SecureRandom function which is used to generate random numbers for
security. There are more applications than just Bitcoin wallets that rely on this
function for security so it is likely that we see more breaches like this in the
future.”
“Normally, such issues appear due to mistakes in individual applications. This
is a flaw found in an Android function, which is rarer and much more
wide-reaching,” he warned.
Shaw added: “Because Bitcoin transactions are public and shared by design, it
is a lot easier for an attacker to scan for those using a vulnerable client. They
don't need to attack the user directly as they have everything they need from
the Blockchain, which is the database that holds information about all
transactions.”
Shaw said that because these transactions were designed to be pseudo-anonymous and
non-refundable, no support network, such as credit card Chargeback, had been put in
place such to recover any losses.
