This vulnerability in Java Cryptography Architecture of Android-origin of a Bitcoin transaction-was allegedly used to steal about $ 5,720 in Bitcoins a digital wallet last week. The revelation made by the Google security engineer, Alex Klyubin, was the first official confirmation of the vulnerability of Android after the incident.
Klyubin warns that other applications can also be in danger if the developers do not change the way you access the calls PRNGs, generators abbreviation pseudo-random numbers.
“We have determined that the applications using the Java Cryptography Architecture (JCA) for the cryptographic key generation, signing, or random number generation can not receive cryptographically strong values ??on Android devices due to incorrect initialization of the underlying PRNG “he wrote.
The confirmation came a few hours after researchers from security firm Symantec warned that hundreds of thousands of Android applications may be affected by the vulnerability.
No comments:
Post a Comment