Google confirms critical Android crypto flaw used in Bitcoin heist (arstechnica.com)
131 points by shawndumas on Aug 15, 2013 | 43 comments

And now we simply wait for cell carriers/handset manufacturers to push out updates for all the handsets in the field.

No need to wait for the carriers. Google published sample code for app developers to get good entropy.


Yep. Everyone who normally pretends that Android fragmentation is "not that big a deal" is going to squirm.

This is why I use Cyanogenmod. I get better support from a bunch of unpaid yahoos who like to dork around with phones than from the carriers and handset manufacturers.

I am willing to bet Cyanogenmod will have a fix out in days, if not hours.

This goes for other ROMs like Paranoid too.

I refuse to buy hardware which isn't supported by the open-source community, such as Cyanogen.

If I don't 0wn it, I don't own it.

I know, right? Things would be so much better if the dominant OS was a closed platform, and only ran on hardware made by the same company and only ran apps purchased through a tightly controlled store run by the same company. Of course then they could shut out other service providers such as maps and cloud services, and basically wreck the industry for almost everyone except themselves, but at least we would get timely updates.

I'm curious. What maps and cloud services providers have been shut out of iOS? I recall that Google Maps has an app, Dropbox has an app, there are even non-iTunes music players. One of the criteria for the app store doesn't seem to be "can't compete with Apple." So this little diatribe about "wrecking the industry" is a bit unfounded. There's nothing stopping you or anyone else from creating their own OS and their own hardware to run it on and marketing it to people and selling it.

Dropbox is a huge competitor to Apple's cloud services. While they're different, if Apple really was trying to be heavy handed, Dropbox would never have gotten on the App Store. By the way, what's the default maps application on Android? Google is a model of openness right? So open that your gmail has "no expectation of privacy." I wonder how they feel about things being done using an Android device. After all, if even your private person-to-person emails have no privacy expectation, then what expectation would one have for using an Android device?

As far as "wrecking the industry," I've never made more money from development as I have since the App store came along. So unless your industry is creating malware or porn apps, iOS has hardly wrecked anything. If it weren't for iOS, there'd likely be no Android. Apple essentially created the smartphone industry, at least as we know it today. Entire new businesses were created because of the App Store. I can't even count on one hand the number of consumer mobile development companies that existed before iPhone. I'm sure there were plenty, but hardly the billion dollar industry it is today.

I'm not an Apple apologist, however when I see the same tired arguments about the "closed" ecosystem it gets frustrating. Especially since the App Store has over 900,000 apps. That's a lot of apps for such an oppressive system. A large percentage of them are crap, but comparing sales numbers to Google Play, it's pretty obvious that Apple is doing something right, at least from the perspective of the consumer -- which is the market. There are some notable screwups with the app approval process, however weighing that in the aggregate against the overall success of developers within the App store, the screwups are a drop in the bucket.

Apple has a rule that disallows apps from the app store if they "duplicate the functionality of one of Apple's own apps". Alternative browsers for instance are effectively banned, you can only skin Safari. There have been plenty of examples where they have abused this rule. Google Maps was around before Apple Maps, but when it launched it became the default app, and there is no way to change it. On Android, the user can swap out gmaps for an alternative.

Luckily iOS never became dominant, and so the long term damage to the market is limited. In the short term, certainly a lot of developers made some quick money on iOS, and as one of them I can see why you are so keen to defend them. But in the long run, if they had reached dominance then it would have been a catastrophe for the industry on a scale far worse than Windows dominance in the 90s.

There are a lot of other reasons that it would have been bad, that often don't occur to people in cozy western environments, such as the impact it would have had on developing countries. A lot of elitist iOS developers say it's not a problem that you can only develop iOS apps on a Mac, because "anyone can afford a Mac mini", but try telling that to a high school student in India.

"certainly a lot of developers made some quick money on iOS"

AKA: iOS developers make more money because iOS users are more likely to spend it. Android users are people like the high school student in India who is never going to buy an app.

Ahhh, there's the elitist attitude we all know and love. As I said, I can see why a developer targeting rich Americans would want to develop for iOS (for now), but the fact remains that it would be a catastrophe if iOS were to gain any sort of long term dominance.

So it's elitist to expect profit off of the app you're selling? I'm not sure what you mean by a "catastrophe".

Who said that it had to be one of two models? Microsoft Windows works much the same way Android does by running on lots of vendor hardware. People don't have to wait for Dell to push out updates, for example.

Computers are also not cell phones, and Dell doesn't want to have as tight control over the operating system as carriers / phone makers.

It's almost as if decisions have trade-offs.

Yes, at least you would get timely updates making your money and personal data more secure. Not a big deal at all. No sir.

It's the carriers. What are you supposed to do, tell them they can't test updates for phones running on their network?

Not make it difficult to update the phone using 3rd party builds. Which is exactly what Samsung did regardless of carrier with the Galaxy S4. You can install Cyanogenmod (and other custom ROMs) without rooting. Cyanogenmod then gets frequent 1 click updates.

I'm actually shocked that someone used a zero-day Android exploit to steal $5,700 of BTC. Couldn't they have sold it for significantly more on the black market?

It may not have been identified specifically as an Android exploit -- there are people (I used to be one of them, though I wouldn't have used the result to exploit wallets) who constantly run crypto attacks on transactions in the blockchain to identify weak wallet keys. The person who stole the BTC probably automated the attack, left it running against the blockchain, and never even knew what the real vulnerability was.

They didn't use an Android exploit specifically, they simply scanned the blockchain for vulnerable private keys. They probably didn't even know that Android was the culprit - it could be a hardware wallet, a buggy homebrew client or whatever.

Depends on the attacker's attitude to risk: $5,700 worth of BTC might be a lot harder to track than the sale of an exploit. He doesn't have to trust any other human beings (i.e. the person he is selling to at least) not to dob him in at a moment's notice. A safe 5K might be very much preferable to him than a less safe 20+K.

(caveat: unless otherwise stated numbers in this post, and many of my others, are plucked from thin air)

I'm more shocked that some people actually trust their phones enough to install bitcoin clients on them.

Well, keeping 1-2 BTC as a personal wallet for real-world transactions makes some sense.

As for keeping ~50 BTC - a possible scenario is that the guy/gal bought a specific, cheap Android phone as a "safe" - that is, installed only the blockchain app, and cut off the internet/cellular connection. One would expect the phone being offline and the app being from a trustable source to be secure :)

It's possible that the exploit was used previously and the incident went unreported.

Which is perhaps even more frightening considering many other high security apps use these libraries.

Well no, not with Bitcoin at any rate. Every transaction is visible, that's how the attacker knew which funds were stealable.

Yes, $5,700 seems a bargain to uncover a flaw like this. Shows an interesting potential use of bitcoin, can act as a warning system to identify bugs or insecure systems, like a honeypot. If the bitcoins are taken you know there is a weakness somewhere.

We don't really know that. The other obvious implication would be that we now might need new/expanded openssl/ssh key blacklists, for keys generated on Android devices.

Alternatively, someone decided it was worth $5700 to learn whether or not this bug was being exploited in the wild.

Irony of the month: anyone NOT following the age old advice about not implementing your own crypto would have been spared from this.


This is a failure of the CSPRNG. What "not implementing your own crypto" usually means is trying to cobble together primitives like AES, RSA, and some mode of operation (and, if you're lucky, there's a MAC algorithm in there too), which would still probably have been horribly broken in some way. That's completely orthogonal to this issue.

Are you insinuating that explicitly seeding the CSPRNG with information from the OS' CSPRNG is somehow a bad thing, or that it is frowned upon, or that it constitutes "implementing your own crypto"?

Indeed. The irony is that anyone following that (good) advice was affected by this.

Has anyone looked to see if the NSA Secure Android project has this bug?

I thought OpenSSL's default code already pulled from /dev/[u]random at initialization?

The Official Sun/Oracle JDK SecureRandom class already pulls from /dev/random. The Android class does not.

Larry Ellison is ROFLing right now.

But they only copied the API, remember. Not the implementation... ;-)

Where does it pull from?

How much would a good hardware RNG cost, and when can we have a phone with one that can run Cyanogenmod?

Why does the blog post also suggest /dev/random?

I thought urandom should only be used for crypto.

Random blocks when waiting for entropy. Urandom is "unblocking random" and will return strictly predictable results when the pool becomes drained enough.

Other way around.

Yeah......that looks like an easy fix o_O
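
Several comments above turn on where a `SecureRandom` gets its seed and on reading from the OS generator instead. The following Java program is an added illustration, not Google's published sample code and not code from any commenter: it shows a caller-seeded `SHA1PRNG` producing repeatable output, next to a `SecureRandom` whose bytes come straight from `/dev/urandom`. The class names `UrandomDemo`, `UrandomSpi` and `UrandomSecureRandom` are hypothetical, and the program assumes a desktop JDK with the `SHA1PRNG` algorithm on a system that exposes `/dev/urandom`.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.security.SecureRandomSpi;
import java.util.Arrays;

public class UrandomDemo {
    /** Hypothetical SPI: every request is served by the kernel CSPRNG. */
    static final class UrandomSpi extends SecureRandomSpi {
        @Override protected void engineSetSeed(byte[] seed) {
            // Design choice of this example: caller seeds are ignored, so a
            // weak seed can never replace kernel entropy.
        }
        @Override protected void engineNextBytes(byte[] out) {
            try (DataInputStream in =
                     new DataInputStream(new FileInputStream("/dev/urandom"))) {
                in.readFully(out);  // keeps reading until the buffer is full
            } catch (IOException e) {
                // Fail closed rather than fall back to a userspace generator.
                throw new SecurityException("cannot read /dev/urandom", e);
            }
        }
        @Override protected byte[] engineGenerateSeed(int n) {
            byte[] b = new byte[n];
            engineNextBytes(b);
            return b;
        }
    }
    /** Front end for the SPI; SecureRandom's (spi, provider) constructor is protected. */
    static final class UrandomSecureRandom extends SecureRandom {
        UrandomSecureRandom() { super(new UrandomSpi(), null); }
    }
    /** Seeds the generator, then draws 32 bytes (the size of a 256-bit secret). */
    static byte[] draw(SecureRandom rng, byte[] seed) {
        rng.setSeed(seed);
        byte[] out = new byte[32];
        rng.nextBytes(out);
        return out;
    }
    public static void main(String[] args) throws Exception {
        byte[] seed = {1, 2, 3, 4};  // constructed low-entropy seed
        // SHA1PRNG seeded only by the caller: same seed, same "random" bytes.
        boolean weak = Arrays.equals(
            draw(SecureRandom.getInstance("SHA1PRNG"), seed),
            draw(SecureRandom.getInstance("SHA1PRNG"), seed));
        // Kernel-backed generator: the same caller seed cannot force a repeat.
        boolean fixed = Arrays.equals(
            draw(new UrandomSecureRandom(), seed),
            draw(new UrandomSecureRandom(), seed));
        System.out.println("SHA1PRNG repeats: " + weak
            + ", urandom-backed repeats: " + fixed);
    }
}
```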
