John McAfee’s Bitfi was supposed to be unhackable according to him, he was so sure he offered a $100K bounty for anyone who could. However a Dutch Security Researcher named “Oversoft” claims he has root access to McAfee’s wallet.
A demo of the custom firmware running is displayed below:
The team have even altered the firmware of the device. There has also been a tweet about the Bitfi wallet.
Short update without going into too much detail about BitFi:
We have root access, patched the firmware and can confirm the BitFi wallet still connect[s] happily to the dashboard.
There are NO checks in place to prevent that like BitFi claimed.
The company were slow to respond but eventually accepted the security breach, they however did not confirm that OverSoft has breached their system.
The CEO of the Bitfi Daniel Khesin has announced that the company is going to conduct another Bug Bounty.
Dear friends, we’re announcing a second bug bounty to help us assist potential security weaknesses of the Bitfi device. We would greatly appreciate assistance from the infused community, we need help. Here are the bounty conditions: bitfi.com/bounty2
Thank you, Daniel Khesin CEO”
The original hackers who hacked Bitfi, said that the company had no intention of paying the Bug Bounty. Oversoft has hacked the device without actually owning or possessing the device which is a big deal as the device has $120 price tag without shipping.
You don’t need a BitFi device to run a BitFi wallet. I repeat: there’s nothing in that device that is required for the BitFi app to function. There’s NO secure element. They could’ve released it on the Play Store as an app.
McAfee has argued that gaining root access to the device is not constituted as a hack and hackers need to extract money from the wallet in order to prove that the device can be hacked. OverSoft has performed the hack by running keyloggers on the device with root access.
Take your time to comment on this article.