The John McAfee-endorsed Bitfi wallet is in the news once again. The “unhackable” wallet has been hacked again, this time by two security researchers. Both claim that they used a cold boot attack to break into the wallet and expose vulnerabilities in its security. The news undercuts the claims of the company, which previously mocked people who were trying to find security issues in its code.
Scrambling Private Keys
The Android-powered Bitfi wallet recently suffered a cold boot attack, in which users' private keys were stolen. The security researchers claim that their attack mechanism can easily be used on an unmodified wallet.
The Bitfi wallet depends on a two-way security system in which there is a user-generated secret phrase as well as a salt value. This helps in cryptographically scrambling the secret phrase that protects user funds. The researchers claim that they can extract both the secret phrase and the salt value, and use them to generate private keys and steal funds. They also suggest that funds can be stolen even when the wallet is switched off.
Saleem Rashid, one of the researchers, wrote on Twitter:
“[O]n a completely unrelated note, here is a @Bitfi6 being cold boot attacked. it turns out that rooting the device does not wipe RAM clean. Who would have thought it!? i feel this music is very appropriate for @Bitfi6.”
The Unhackable Story Goes Bust
Rashid, along with Ryan Castellucci, the other security researcher, developed the exploits as part of a team of several security researchers who call themselves “THCMKACGASSCO.” Revealing their findings to TechCrunch, Rashid said that the keys are stored in the wallet's memory longer than Bitfi claims, which allowed the hackers to apply their exploits without erasing the memory.
Pen Test Partners security researcher Andrew Tierney verified the attack and said:
“This attack is both reliable and practical, requiring no specialist hardware.”
John McAfee has claimed on several occasions that the Bitfi wallet is unhackable. The company even offered a $250,000 bounty for anyone who could launch a successful attack on the wallet. However, when the wallets were hacked into, Bitfi refused to pay, suggesting that the hack was outside the scope of the bounty. It even posted threats to security researchers.
Tierney, who was one of the attackers during the first Bitfi hack, said that this second attack matches the requirements of the bounty in spirit, even if it does not specifically meet the Bitfi guidelines.