If the security community could tell you just one thing, it’s that “nothing is unhackable.” Except John McAfee’s cryptocurrency wallet, which was only unhackable until it wasn’t — twice.
Security researchers have now developed a second attack, which they say can obtain all the stored funds from an unmodified Bitfi wallet. The Android-powered $120 wallet relies on a user-generated secret phrase and a “salt” value — like a phone number — to cryptographically scramble the secret phrase. The idea is that the two unique values ensure that your funds remain secure.
But the researchers say that the secret phrase and salt can be extracted, allowing private keys to be generated and the funds stolen.
Using this “cold boot attack,” it’s possible to steal funds even when a Bitfi wallet is switched off. There’s a video below.
The researchers, Saleem Rashid and Ryan Castellucci, uncovered and built the exploits as part of a team of several security researchers calling themselves “THCMKACGASSCO” (after their initials). The two researchers shared them with TechCrunch prior to its release. In the video, Rashid is shown setting a secret phrase and salt, and running a local exploit to extract the keys from the device.
Rashid told TechCrunch that the keys are stored in the memory longer than Bitfi claims, allowing their combined exploits to run code on the hardware without erasing the memory. From there, an attacker can extract the memory and find the keys. The exploit takes less than two minutes to run, Rashid said.
“This attack is both reliable and practical, requiring no specialist hardware,” said Andrew Tierney, a security researcher with Pen Test Partners, who verified the attack.
Tierney was one of the hackers behind the first Bitfi attack. The McAfee-backed company offered a $250,000 bounty for anyone who could carry out what its makers consider a “successful attack.” But Bitfi declined to pay out, arguing that the hack was outside the scope of the bounty, and instead resorted to posting threats on Twitter.
This new attack, Tierney says, “meets the requirements of the bounty in spirit, even if it does not meet the specific terms that Bitfi have set.”
McAfee earlier this month said, “the wallet is hacked when someone gets the coins.”
Bill Powel, vice president of operations at Bitfi, told TechCrunch in an email that the company defines a hack “as anything that would allow an attacker to access funds held by the wallet.”
“Because the device does not store private keys, that is what prompted the unhackable claim,” he said.
When pressed, Powel did not address the specific claims of the cold boot attack. McAfee, who was copied on the email to Bitfi, did not respond.
Within an hour of the researchers posting the video, Bitfi said in a tweeted statement that it has “hired an experienced security manager, who is confirming vulnerabilities that have been identified by researchers.”
“Effective immediately, we are closing the current bounty programs which have caused understandable anger and frustration among researchers,” it added.
The statement also said it will no longer use the “unhackable” claim on its website.
Rashid said he has no immediate plans to release the exploit code so as to prevent the estimated few thousand Bitfi users from being put at risk.
Just last month, Bitfi won the Pwnie Award for Lamest Vendor Response, a traditional award given out at the Black Hat conference for companies that react the worst in response to security issues.