Symantec, a company working in the field of network security, recently reported the discovery of a vulnerability that could affect the security of the data of hundreds of thousands of users of the Android operating system (all versions). Yesterday, Google confirmed the existence of this vulnerability and called on application developers to use safer technologies. The vulnerability was used last week to break into a wallet of the Bitcoin money system, from which an amount equivalent to $5720 was stolen. It is based on a cryptographic weakness of the OS, due to which many applications use unreliable “pseudo-randomly generated” passwords.
Applications using the Java Cryptography Architecture (JCA) for key generation and digital signing did not receive sufficiently reliable values because of improper initialization of the PRNG, the random number generator. The PRNG is a main component of computer cryptography. Because of the Android vulnerability, during the theft last week it was possible to use the same sequence of numbers to confirm different transactions. Also affected are applications that call the system OpenSSL PRNG without initializing it, but encrypted connections that use the HttpClient and java.net classes are not vulnerable. According to Symantec's estimates, 360,000 programs use the SecureRandom service through the JCA.
Transactions in the Bitcoin network are publicly visible, so attackers scan the transaction data, find the transactions they are looking for, obtain the key and remove the money from the wallet of an unsuspecting owner. Google recommends that app developers make their calls for random numbers more explicit, to minimize the risk associated with this vulnerability. It should be noted that the very architecture of the Bitcoin network, with its openness and decentralization, is what allowed such a hack to be carried out.
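An added example, not part of the original article: a check a developer can run over signatures their own application has produced, to detect the failure described above, where the same random value confirms different transactions. It assumes ECDSA signatures in plain DER encoding, in which a repeated per-signature random value shows up as a repeated `r`; the record layout, function names and sample values are constructed for illustration.

```python
from collections import defaultdict

def parse_der_signature(sig):
    """Parse DER 'SEQUENCE { INTEGER r, INTEGER s }' and return (r, s)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        length = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + length]
        if length == 0 or length > 0x7F or len(body) != length:
            raise ValueError("bad INTEGER length")
        values.append(int.from_bytes(body, "big"))
        pos += 2 + length
    if pos != len(sig):
        raise ValueError("trailing bytes after signature")
    return values[0], values[1]

def find_reused_nonces(records):
    """records: iterable of (pubkey_id, message_hash, der_signature).
    Returns {(pubkey_id, r): [message hashes]} for every key that signed
    different messages with the same r, i.e. the RNG repeated itself."""
    seen = defaultdict(set)
    for pubkey_id, message_hash, sig in records:
        r, _s = parse_der_signature(sig)
        seen[(pubkey_id, r)].add(message_hash)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def _der(r, s):
    """Build a DER signature for the constructed sample data below."""
    def enc(n):
        # One extra leading 0x00 byte when the high bit is set (DER INTEGER rule).
        b = n.to_bytes((n.bit_length() + 8) // 8, "big")
        return b"\x02" + bytes([len(b)]) + b
    body = enc(r) + enc(s)
    return b"\x30" + bytes([len(body)]) + body

# Constructed sample records; none of these values come from a real transaction.
SAMPLE = [
    ("pubkey-A", "hash-1", _der(0x1234ABCD, 0x1111)),
    ("pubkey-A", "hash-2", _der(0x1234ABCD, 0x2222)),  # same r, different message
    ("pubkey-A", "hash-3", _der(0x9999, 0x3333)),
    ("pubkey-B", "hash-4", _der(0x1234ABCD, 0x4444)),  # other key: outside this check
]

if __name__ == "__main__":
    for (key, r), hashes in find_reused_nonces(SAMPLE).items():
        print(f"{key}: r={r:#x} reused across {hashes}")
```

Any hit means the key that produced those signatures should be treated as exposed and the random number source fixed before new keys are generated.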