'Unhackable' cryptowallet Bitfi gets... hacked of course (and it runs Doom!)
https://www.zdnet.com/article/challenge-accepted-15-year-old-hacking-prodigy-plays-doom-on-unhackable-bitfi/
As the company, backed by John McAfee, staunchly defended its product as completely unhackable, the mere phrase used was enough for security researchers worldwide to take the bait.
It took only a week for exploit after exploit to flood social networks, leaving the reputation of the "fortress-like" security of the $120 device in tatters.
Thought this was a humorous story.
Your product better be up to it if you claim it is unhackable.
To play devil's advocate, a device being compromised through motherboard modification is a long shot away from a hack executed through its original firmware.
Don't get me wrong, it's still a stupid idea and nobody should use it, but a system being effectively compromised the instant a malicious party has physical access to it is standard in infosec.
Exactly. The same kid hacked some other hardware wallet and tried to cause major drama saying it is insecure. He wasn't wrong, it is insecure if someone can intercept your package containing the wallet as it leaves the factory, hack it, pack it up and send it to you and then successfully trick you into sending a false transaction through a specific program (which means you aren't paying attention at all) and THEN it is hacked. While it being hacked isn't a lie, it is a bit sensationalist to claim that it was vulnerable to the point of being unusable.
Hah, I remember McAfee playing damage control on this thing.
It's only a matter of time really. The huge bounty will probably entice someone to find an exploit to get malicious stuff on your wallet, especially considering this kinda stuff:
https://twitter.com/OverSoftNL/status/1024008149093822464
In this case yes since they opted to use Android as a base it seems? But in the case of the other one it has none of that stuff.
Yes, it's an Android base - which is exactly the kind of thing that can provide attack vectors if not properly tooled.