John McAfee’s ‘Unhackable’ Bitfi Hacked for the Second Time via Cold Boot Attack


2018-9-2 15:59

The John McAfee-endorsed Bitfi wallet is in the news once again. The “unhackable” wallet has been hacked again, this time by two security researchers who say they used a cold boot attack to break into the wallet and expose vulnerabilities in its security. The news undercuts the claims of the company, which previously mocked people who were trying to find security issues in its code.

Scrambling Private Keys

The Android-powered Bitfi wallet recently suffered a cold boot attack in which users’ private keys were stolen. The security researchers claim that their attack mechanism can easily be used on an unmodified wallet.

The Bitfi wallet depends on a two-way security system that combines a user-generated secret phrase with a salt value. The salt helps to cryptographically scramble the secret phrase that protects user funds. The researchers claim that they can extract both the secret phrase and the salt value and use them to generate private keys and steal funds. They also suggest that funds can be stolen even when the wallet is switched off.

Saleem Rashid, one of the researchers, wrote on Twitter:

“[O]n a completely unrelated note, here is a @Bitfi6 being cold boot attacked. it turns out that rooting the device does not wipe RAM clean. Who would have thought it!? i feel this music is very appropriate for @Bitfi6.”

The Unhackable Story Goes Bust

Rashid and Ryan Castellucci, the other security researcher, developed the exploits as part of a team of several security researchers who call themselves “THCMKACGASSCO.” Revealing their findings to TechCrunch, Rashid said that the keys are stored in the wallet’s memory longer than Bitfi claims, which allowed the hackers to apply their exploits without erasing the memory.
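The finding above implies a simple hygiene test: wipe secret buffers after use, then check that nothing derivable remains. The sketch below is an added example, not code from the article or from Bitfi; the arena, the sample phrase and salt, and the FNV-based placeholder KDF are all constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample secrets, not real wallet data. */
static const char PHRASE[] = "correct horse battery staple";
static const char SALT[]   = "constructed-salt-01";
/* Hypothetical stand-in for the RAM region an app uses for secrets. */
static uint8_t arena[192];

/* Zero through a volatile pointer so the compiler cannot discard the
   stores as dead writes, as it may with a plain memset before free. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Placeholder KDF (FNV-1a over salt, then phrase). NOT Bitfi's algorithm
   and not secure; it only makes the key a function of both inputs. */
static uint64_t toy_kdf(const uint8_t *ph, size_t pl,
                        const uint8_t *sa, size_t sl) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < sl; i++) h = (h ^ sa[i]) * 0x100000001b3ULL;
    for (size_t i = 0; i < pl; i++) h = (h ^ ph[i]) * 0x100000001b3ULL;
    return h;
}

/* One signing session: phrase, salt and key all pass through the arena. */
uint64_t run_session(int wipe_after) {
    size_t pl = strlen(PHRASE), sl = strlen(SALT);
    memcpy(arena, PHRASE, pl);
    memcpy(arena + 64, SALT, sl);
    uint64_t key = toy_kdf(arena, pl, arena + 64, sl);
    memcpy(arena + 128, &key, sizeof key);
    if (wipe_after) secure_wipe(arena, sizeof arena);
    return key;
}

static int found(const void *needle, size_t n) {
    for (size_t i = 0; i + n <= sizeof arena; i++)
        if (memcmp(arena + i, needle, n) == 0) return 1;
    return 0;
}

/* Residue check: bit 0 = phrase present, bit 1 = salt, bit 2 = key. */
int residue(uint64_t key) {
    return found(PHRASE, strlen(PHRASE)) | found(SALT, strlen(SALT)) << 1
         | found(&key, sizeof key) << 2;
}

int main(void) {
    printf("no wipe: residue=%d\n", residue(run_session(0)));
    printf("wiped:   residue=%d\n", residue(run_session(1)));
    return 0;
}
```

A check like `residue` belongs in a regression test that runs after every code path that touches the phrase, salt or derived key, including error paths.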

Pen Test Partners security researcher Andrew Tierney verified the attack and said:

“This attack is both reliable and practical, requiring no specialist hardware.”

John McAfee has claimed on several occasions that the Bitfi wallet is unhackable. The company even offered a $250,000 bounty for anyone who could launch a successful attack on the wallet. However, when the wallets were hacked into, Bitfi refused to pay, suggesting that the hack was outside the scope of the bounty. It even posted threats to security researchers.

Tierney, who was one of the attackers during the first Bitfi hack, said that this second attack matches the requirements of the bounty in spirit, even if it does not specifically meet the Bitfi guidelines.

John McAfee’s ‘Unhackable’ Bitfi Hacked for the Second Time via Cold Boot Attack was originally found on [blokt] - Blockchain, Bitcoin & Cryptocurrency News.
