Bitcoin.org released a security advisory over the weekend warning the Bitcoin community that any Bitcoin wallet generated on any Android device is insecure and open to theft. The insecurity appears to stem from a flaw in the Android Java SecureRandom class, which under certain circumstances can produce numbers that aren't truly nondeterministic. This can allow an attacker to work out a victim's cryptographic private key. Private keys are used to sign Bitcoin transactions; if an attacker has a victim's private key, the attacker can execute Bitcoin transactions as if he were that person.
Read More >>