
Hacking the Bitfi Part 3: The device with no storage

Ken Munro 03 Aug 2018

TL;DR? Here’s proof that the Bitfi has storage and that it’s been rooted.

The Bitfi boots at 20 seconds.

We’re not disclosing the method yet, as there is plenty more work to be done here.

If you’ve been keeping an eye on Twitter, no doubt you’ve seen the unravelling mess that is the security of the Bitfi crypto wallet.

Things took a turn for the better when Bitfi fired their social media person:

The outright denials of hackability in the face of compelling evidence to the contrary stopped and some sanity started to prevail.

Bitfi’s CEO started contacting the researchers working on the project, offering compensation to several of the very worthy infosec people involved. Rather too late in our view and probably a damage limitation move, but progress nonetheless.

Bitfi also engaged Larry Cameron as CTO, which was also progress. Some security issues were tacitly acknowledged.

But then things took a turn for the weird again. John McAfee is Chairman of Bitfi. I asked Bitfi why McAfee was continuing with the ‘unhackable’ claim while Bitfi was acknowledging that vulnerabilities existed.

McAfee then released a video, persisting with the ‘unhackable’ and ‘no storage’ claims.

This is an eMMC flash storage chip on the Bitfi board. Yes, storage:

So, to prove the point, we amended the boot animation of the Bitfi. You can see our homage to John McAfee and the Bitfi above.

Team effort

Whilst one of our team has been leading and coordinating this, it’s very important to note that this is a team effort by multiple infosec researchers from numerous organisations.

So far, it’s probably been one of the most interesting exercises we’ve been involved in. The responses from Bitfi and McAfee have simply fuelled the team’s desire to disprove the ludicrous claims.