The entrepreneur John McAfee or his eponymous company had been around for a long time, and the in-house offer “Bitfi” just fulfill the requirement to have a system which is fully secured. From the point of view of all users of crypto-wallets, it would be desirable to have a format that offers 100% protection against hacker attacks. But now it turns out: Even this wallet for the storage of bitcoins is just not completely safe.
Optimal security even with Bitfi not given
A group of security researchers have managed to read some phrases out of the system. This refutes that Bitfi is “unhackable”, as it was called until now. It is also not the first time that actually safe data has been read out.
Thus, the Bitcoin wallet on Android basis finally loses the right to call itself as completely safe. The frightening thing about it: The efforts of the researchers kept within manageable limits, as stated in a statement. If it had been wanted, the experts could have lifted the entire contingent of bitcoins from the attacked digital wallet.
Researchers show vulnerability with cold boot attack
Anti-virus software company McAfee responded by announcing that they no longer consider the service non-hackable. Background of the “incident” was a cold-boot attack as in other tests in the past. The researchers Ryan Castellucci and Saleem Rashid had opted for this approach to retrieve secret passphrase in just two minutes and on a (supposedly) rooted device also get the salt value, as per a video, which was published via Twitter.
Bitfi key longer than guaranteed to be available?
A technical laymen said that the data is already sufficient for a device acquisition. The message comes at a bad time, because recently a Bitfi provider announced that the transaction key remains only for a short time in the system memory.
The researchers see this statement as refuted with the attack. But after two successful hacks, the advertised sum of a quarter of a million US dollars could not be collected. Because the McAfee demanded criteria of access was also not met according to the company in this attack.
So, the reward could still be secured for somebody else by hacking the provider’s $120 wallet in compliance with applicable conditions.