A team of Netherlands-based tech experts claims it has exploited a number of loopholes in the design of John McAfee’s much-touted crypto hardware wallet and hacked into the device.
Following the launch of BitFi in July, McAfee, who is one of its promoters, took to Twitter to boast that the crypto wallet was literally un-hackable, going further to promise a cash reward of $100,000 to anyone who could successfully breach the device.
“The $100,000 bounty to anyone who can hack the BitFi.com wallet is not just for the first person who hacks it, but to everyone who can hack it. If 100 people hack it, each one gets $100,000. But I promise you, it cannot be hacked, ever, by anyone or anything. Try it,” McAfee tweeted on July 27.
However, some 72 hours after McAfee first announced the challenge, OverSoft, the Netherlands-based team, also went on Twitter to claim that they had successfully obtained root access to the wallet, writing:
“Short update without going into too much detail about BitFi:
We have root access, a patched firmware and can confirm the BitFi wallet still connects happily to the dashboard.
There are NO checks in place to prevent that like claimed by BitFi.”
Some tech experts say the mere fact that BitFi is built on the Android OS makes it vulnerable to a long list of attack vectors, including keylogging, malware, rooting, and different forms of firmware tampering.
In a series of subsequent ‘updates’, OverSoft revealed that other major vulnerabilities on the device include its use of a Baidu GPS/Wi-Fi tracker, in addition to the presence of the notorious Adups FOTA malware suite and a tracker capable of logging all activity on the device.
McAfee, for his part, has dismissed the hacking claims, stating that the hackers had no success accessing the money in the wallet.
“Hackers saying they have gained root access to the BitFi wallet. Well whoop-de-do! So what? Root access to a device with no write or modify capability. That’s as useless as a dentist license in a nuclear power plant. Can you get the money on the wallet? No. That’s what matters.”
BitFi has since announced a second bounty worth $10,000, stating that hackers can claim the money only after modifying the firmware on the device while ensuring that it can still connect to the BitFi dashboard afterwards.