Blockchain, one of the Internet's most widely used Bitcoin wallets, has rushed out an update for its Android app after discovering critical cryptographic and programming flaws that can cause users to send digital coins to the wrong people with no warning.
✐ Really? I mean like Really? You can't even call this incompetence, this needs a whole other category of it's own to explain this epic failure.
This is like putting out accounting software that can't add.
The vulnerabilities affect a subset of people who run Blockchain for Android on versions 4.1 or older of the mobile OS, according to an advisory published Thursday. The most serious of the flaws is the use of the unencrypted HTTP connections when the app's cryptographic engine contacts random.org to obtain random numbers used to generate private keys for Bitcoin addresses. Since January, random.org has required the use of the more secure HTTPS protocol and has returned a 301 Moved Permanently response when accessed through HTTP. As a result, vulnerable installations of Blockchain for Android generated the private key corresponding to the address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F, regardless of the address specified by the user.
✐ Umm, isn't this how the entire MtGox "inside job" started? Sure sounds like a hard coding to me. By that I mean preset, not difficult, cut-and-paste is not difficult.
"To our knowledge, this bug resulted in one specific address being generated multiple times, leading to a loss of funds for a handful of users," Thursday's advisory stated.
✐ "To our knowledge"? Perhaps reviewing the code that you released and making an educated determination would be a better course of action here.
According to this entry in the Bitcoin ledger, the owner of the lucky 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F address appears to have received almost 34 bitcoins since the January, when the address became active (hat tip to Ars reader Bob Loblaw). Nicholas Weaver, a security researcher at the International Computer Science Institute in Berkeley, California, said it's possible multiple people may have been able to benefit from the error through the use of "tumbler" services designed to obfuscate how bitcoins are spent and received. Still, the at today's rate, the 34 bitcoins are worth about $8,100.
Additionally, in certain cases, the pseudorandom number generator in Blockchain for Android failed to access random data that was supposed to be mixed into the random bits downloaded from random.org. Instead of returning an error, the app simply used the 256-bit number provided by random.org as the sole input for generating private keys. That meant the random.org website was the sole supplier of entropy used in the generation process.
It's not entirely clear what causes some users on Android 4.1 and earlier to be vulnerable while others are not affected. Some people have speculated that the vulnerability is present on devices that can't access random values that are supposed to be available in the /dev/urandom file.
Cryptography and security experts were aghast at the scale of the error. Beyond no one using HTTPS by default to access random.org—and the months-long failure to catch the 301 response—there's a more fundamental error of judgement. Random numbers are one of the most important components in secure cryptographic functions. Critics said it was a mistake of epic proportion for Blockchain to be so casual about how it went about obtaining the raw material for such key ingredients.
✐ I saw it was a mistake of epic proportion. Period. This is moronic, like database software that doesn't store information. Have they not heard of "testing"?
"WTF? The blockchain.info Android app was just getting 'random' numbers from the Internet?" Weaver wrote on Twitter. "I think I need to write a followon rant: how to make money in Bitcoin with sabotaged pRNGs. Reduce entropy pool to 30 bits with 'improvements'," he added.
The vulnerabilities involved the use of the LinuxSecureRandom programming interface to generate pseudo random numbers instead of SecureRandom, which is the more standard interface for Android developers. The idea behind the customization in Blockchain seemed to be the ability to pull in random values from two sources—random.org and a resource residing in the OS itself. In retrospect, the lack of HTTPS protections, the failure to detect a 301 response, and the inability of some devices to pull random bits from the OS itself underscore how easy it is to make mistakes when developing home-grown cryptographic solutions.
✐ Oh yeah, let's blame it on the operating system.
Look, that might sound flashy and technical enough to convince the average Joe that multiple problems derived from various issues including the operating system and hardware, but that won't fly here.
Blockchain messed up, there is no blame to pass.
There are protocols that are involved in the testing and delivery of any software, hardware and related OS, library, and related issues are known and published, and developers have the responsibility to know this, program managers and test managers have the responsibility to make sure this works. ESPECIALLY when it involves a core function of the application and certainly ANYTIME there is property or financial data or value involved.
Calling them a bunch of idiots, just doesn't seem to fully encapsulate how ridiculous this is and how true that statement would be. So much so that it would even make idiots look bad.
There is no excuse here, and what really makes it worse is how it's been handled. This is piss poor management of both a release and management of the defect and these morons should be ashamed of themselves.
Original Story by Dan Goodin - May 29, 2015 8:50am PDT
Commentary by dinbits.com (identified by ✐)