McAfee-Partnered ‘Unhackable’ Wallet Bitfi Hacked
John McAfee’s official partner experienced a major breach when security researchers were able to gain root access to the device - less than one week after it was advertised as ‘unhackable’
Sometimes it’s a good idea not to throw around words like ‘unhackable’, ‘impenetrable’ or perhaps even ‘unsinkable’. Such is the case for Bitfi after the recent release of its new wallet. In a Titanic-like moment, the product hit a bit of an iceberg when security research group OverSoftNL claimed it had obtained ‘root access’ to the device.
Speaking to Cointelegraph, Bitfi CEO Daniel Khesin said there was ‘no evidence’ that the wallet had a vulnerability.
“As of now, we have no evidence that our device can be hacked and if someone succeeds in doing so then we will immediately put out a fix to all devices to address the vulnerability that was discovered and it will be unhackable once again.”
A $250,000 hacking bounty had been placed on the device to challenge hackers, researchers and apprehensive people alike. On August 1st, Dutch-based firm OverSoftNL came forward on Twitter to claim they had breached the device.
“Short update without going into too much detail about BitFi:
We have root access, a patched firmware and can confirm the BitFi wallet still connects happily to the dashboard. There are NO checks in place to prevent that like claimed by BitFi.”
Shortly after, Bitfi responded on Twitter, indirectly recognising OverSoft’s claims:
“Dear friends, we're announcing second bounty to help us assist potential security weaknesses of the Bitfi device. We would greatly appreciate assistance from the infosec community, we need help”
According to OverSoft, Bitfi never had any intention of paying even its first bounty. It’s ‘Pure marketing’, said OverSoft, a charge that hurts Bitfi’s credibility even more. John McAfee himself has argued that the hack isn't applicable to the bounty as no money was stolen, even though OverSoft seemingly gained root access incredibly quickly and ran Bitfi’s software on non-Bitfi devices.
But gaining root access gives you complete autonomous control over the device, meaning you can do whatever you want, from installing malicious software to even withdrawing money, so one would think this would fit McAfee’s definition of a ‘hack’.
What’s becoming an even larger rabbit hole for a device deemed ‘unhackable’ is OverSoft’s claim that you don’t even need the official device to run Bitfi’s software, saying that they could have literally just released it “on the Play Store as an app.”
Bitfi clearly has some PR cleaning up to do, and until we have true confirmation, it remains to be seen what sort of vulnerabilities the Bitfi has.
Other companies, such as Opera, are also looking at deploying their own wallets.