Pics A crypto-currency wallet heavily promoted as "unhackable" – complete with endorsements from the security industry's loopy old uncle John McAfee and a $350,000 bounty challenge – has, inevitably, been hacked within a week.
The $120 Wi-Fi-connected Bitfi wallet is a hardware device that stores your crypto-coins and assets, and requires a passphrase to access these goodies. The phrase is used to temporarily generate, for a few milliseconds, the private key needed to unlock the data, and is then discarded. So without the passphrase, you can't get at the gizmo's fun bux, allegedly.
It was thus launched last week with some bold claims: it was the "most sophisticated instrument in the world" offering "fortress-like security" for your electronic coins. Its phone-like device is "the world’s first unhackable device", the manufacturer announced – to some mockery by security experts.
The biz even got John McAfee to play along. He tweeted: "For all you naysayers who claim that 'nothing is unhackable' & who don’t believe that my Bitfi wallet is truly the world’s first unhackable device, a $100,000 bounty goes to anyone who can hack it. Money talks, bullshit walks."
Having received acres of press coverage, the company then offered its own "bounty" of $250,000, presumably in an effort to sell more hardware. But then, of course, with glum inevitability, the whole thing has come crashing down.
A spokesperson for Bitfi was not available for immediate comment.
First off, the "most sophisticated instrument in the world" turns out to be nothing more than a cheap touchscreen Android phone with some components pulled out, particularly the cellular connectivity stuff. It's powered by a Mediatek MT6580 system-on-chip, and appears to be very similar to a smartphone reference design. The Bitfi biz is charging people $120 for something that is sold for $35 wholesale.
The bounty program also turns out to be very different to what you would imagine. The company has given very specific requirements over what constitutes a legitimate hack: you have to receive a Bitfi phone loaded with $50 in crypto-coins using an unknown passphrase, and get the coins off that device.
A good thing
Which sounds reasonable, and also serves to flag the one aspect of the Bitfi that is a genuine security plus: it doesn't store the actual key used to access the crypto-currencies on the device itself.
However, the bounty doesn't reflect reality. As infosec probester Andrew Tierney put it, the challenge only covers one specific method of theft – accessing coins on a stolen device – yet the thing is supposed to be completely unhackable and thus be able to see off any attempts to empty it.
"The bounty deliberately only includes only one attack: key recovery from a genuine, unaltered device. And the device doesn’t store the key," Tierney wrote over the weekend.
"The only way to win the bounty is to recover a key from a device which doesn’t store a key. There are many, many more attacks such a device is vulnerable to. The most obvious one: modifying the device so that it records and sends the key to a malicious third party. But this is excluded from the bounty. Why is this? Because the bounty is a sham."
Indeed, the bounty does not cover the scenario of someone intercepting shipments of the devices, backdooring them, and then siphoning off coins from victims – a genuine supply chain problem. Nor devices being stolen, tampered with, and then returned without a victim knowing, allowing the wallet to be emptied. Again, another legitimate concern given this is supposedly "unhackable."
Despite the claims of "faultless, impenetrable security," it turns out that the Bitfi phone is very far from an unhackable wallet.
Crucially, it has no anti-tamper measures, meaning the back can be popped off using your fingernails, the hardware reprogrammed or bugged, the case closed up again, and the handheld handed to a victim. Once the mark taps in their passphrase, whatever backdoor you've built into the thing can phone those details home over the internet for you to exploit.
We know this because within a week of the gadget being launched – and just a few days after security researchers received their specially repurposed phones – they started digging in and revealing:
- The unencrypted I2C protocol lines between the touchscreen and chipset can be eavesdropped on, allowing you to discern the individual passphrase that a user taps in on the display if you slip in an appropriate bug.
- There is a complete lack of tamper protection: so you can open up the device, and it will continue to work normally while you monitor what is going on within the thing. Alternatively, you can tamper with its hardware or firmware so that it steals coins, close it up as if nothing has changed, and hand it to a victim.
- You can access and dump the device's file system from its flash storage.
- There is software present that allegedly and potentially collects personal information, tracks the whereabouts of the device, and beams it off to Baidu and Adups servers in China. There are also standard MediaTek libraries and example apps installed.
- And, yes, inevitably, you can gain root access to the device to reprogram it.
- And a backdoored device will still connect to its online backend and log into the owner's Bitfi dashboard account, which manages their crypto-dosh.