As you may have heard last week, John McAfee shared a statement that his new Bitfi wallet is the world’s first impossible to hack device. He was so sure that offered $100,000 bounty reward for someone who will actually manage to hack the Bitfi, ending with a rotund expression “Money talks, bulls**t walks”. Of course, this caused a lot of attention from the cyber community disbelieving McAfee’s claims. Some of them were making fun of the company and some were so sure that they can take over the new invincible device and dared to raise the bounty higher if Bitfi knows they are that good.
The company responded by actually setting. Soon enough various hackers, like OverSoft, shared their success on getting, demonstrating playing or running. But Bitfi refused to pay the bounty to any of these cyber professionals that invested their time and effort to crack the Bitfi device for a simple reason.
The scandalous and sharp McAfee quickly rushed to explain that by ‘hacking’ he meant stealing the coins from the wallet, which are actually not stored there because Bitfi uniquely uses blockchain as their memory. Therefore, no real memory means no hacking possible. Later PenTestPartners shared a picture of the crypto wallet device and the actual eMMC flash storage chip in Bitfi’s board, proving that there is a memory.
Some other red flags of the Bitfi device started appearing too, such as Chinese application Baidu (has a location tracker) and Adups malware suite platform which is known to also track the location, app data, transmit text and etc every 3 days. Kind of shady for the secure private wallet to perform so much spying. Moreover, software engineer/hacker Ryan threw a shade on Bitfi comparing devices hardware with cheap Android phone’s board.
After all the united powers of hackers and destroyed Bitfis, nothing helped to convince the company that their device is vulnerable. On Tuesday, August 8, 2018, McAfee wrote another resuming the situation and reporting that no matter the increase of the bounty to $250,000 no one still has managed to steal the crypto information, because it is simply impossible, this way adding more fuel to the fire, not acknowledging the effort of hackers who already demonstrated devices weak points earlier.
In the future, McAfee is working on the release of another super-secure device Cloak Phone. This mobile device will have the air-gap switches, which after being pushed, will isolate the buttons and make hackers impossible to access the device remotely and use Bluetooth or Wifi for the attack since it is one of the most common ways to compromise a device. McAfee claimed:
…you press a little button for something and there’s a switch that actually has an air gap… You cannot take an electron and they could jump across this gap. So if you turn off your camera, the camera is off.
Overall, no matter the cockiness of McAfee and Bitfi we must give them credit for coming up with new innovations. Of course, it is only a question when the crooks will adapt and find new hacking ways to take over the crypto wallet and the smartphone and get that bounty.