All Bitcoin Wallets On Android Vulnerable To Theft

judgecorp writes "Bitcoin users have been warned that storing them in a wallet app on Android is insecure, A weakness in Android's random number generator means its random numbers may not be so random, giving attackers a chance of breaking into the wallet. those with Bitcoins have been advised to put them elsewhere, by bitcoin.org"

How can an OS have such a fundamental problem?

[Karganeth]

It's ridiculous in this day and age that an OS can fail to make random numbers properly. That's one of the most basic operations. How lazy/incompetent are the Google programmers?

Re:Random numbers on a mobile device

[c]

Shouldn't the RNG tap into the device's accelerometer?

The Linux kernel has has the ability to push device input into the random number entropy pool for a long time (/dev/random and /dev/urandom). If the device drivers aren't pumping accelerometer events into the pool, someone really missed an opportunity.

In this case, it sounds like something went wrong with the Java/Dalvik random number generator. It's not clear to me from glancing at the various write-ups whether it's a failure to RTFM on the part of the Bitcoin wallet writers (or maybe whoever wrote a common Bitcoin reference implementation) or if there's something broken in the Android implementation of the RNG class.