John McAfee backed Bitfi wallet pwned again

The team behind the supposedly unhackable Bitfi wallet, which is backed by John McAfee, has released a statement announcing that the “unhackable” tag will be removed from its marketing materials. The step comes after the device’s security was compromised by a Twitter user going by the name @spudowiar.

The associated bounty program has also been suspended. However, the company has launched the program via the HackerOne platform. The team behind the Bitfi wallet has claimed that the reason for removing the “unhackable” tag is that it has proven to be an “unproductive” strategy.

The move comes in response to the latest discovery from security researchers. According to the findings of researchers Saleem Rashid and Ryan Castellucci, a second attack can obtain all the stored funds from an unchanged Bitfi wallet. The researchers discovered various security flaws in the Bitfi wallet system. To confirm the flaws, a security manager has been hired by Bitfi. The researchers use the name “THCMKACGASSCO” to represent their team.

Basically, the Bitfi wallet is an Android-compatible device that relies upon a user-generated secret phrase, as well as a “salt” value. This value is quite similar to a phone number and is required to scramble the secret phrase cryptographically. The purpose of using two unique values is to make sure that users’ funds remain protected.

The researchers state that these two unique values can be extracted through a “cold boot attack”, allowing the private keys to be generated and the funds stolen even if the Bitfi wallet is turned off. The researcher duo has released a video that shows Rashid setting a secret phrase and salt value and then executing a local exploit to obtain the keys.

According to Rashid, the keys remain in memory for far longer than Bitfi claims, which allows combined exploits to run code on the hardware. This can be performed without erasing the memory. Once this is done, an attacker can extract the memory and find the keys. The whole method of extracting keys takes less than two minutes.

Rashid claims that the attack method is “reliable and practical,” while Andrew Tierney, a security researcher from Pen Test Partners, states that the attack is verified and doesn’t require any “specialist hardware.”

Rashid also added that the team has no plans to release the exploit code. However, in a recent tweet, he revealed that the Bitfi team did not respond to him or the security researchers involved in the feat, citing the seriousness of the matter.

This is not the first time Saleem has hacked a crypto wallet. In March this year, Saleem also hacked the hardware cryptocurrency wallet offered by Ledger, which was known to be one of the most secure hardware wallets offered by any company in the industry.
