7 matches found
The Vulnerability Disclosure Process: Still Broken
Despite huge progress in the vulnerability disclosure process, things remain broken when it comes to vendor-researcher relationships. Case in point: Last year when Leigh-Anne Galloway a cybersecurity resilience lead at Positive Technologies found a gaping hole in the Myspace website, she reported...
John McAfee backed Bitfi wallet pwned again
By Uzair Amir The presumably unhackable Bitfi wallet backed by John McAfee has released a statement announcing that the unhackable tag will be removed from their marketing materials. The step comes after the device’s security was compromised by a Twitter user under the name @spudowiar. The...
Hacking the Bitfi Part 5: MITM transactions
So what’s latest with the Bitfi unhackable/hackable crpto currency wallet? Bitfi release software version 89 over the weekend. Devices updated, so we had a look to see what had changed. First, they’ve tried to stop the passphrase and seed from being cached in memory and therefore trivially...
Bitfi research receives Pwnie Award for ‘lamest vendor response’
The Pwnie Awards is an annual celebration of the achievements of security researchers and the security community. It's also an opportunity to roast vendors for lame responses to security concerns. The ceremony took place last night, August 8th, 2018 in Las Vegas at the BlackHat USA security...
Hacking the Bitfi Part 3: The device with no storage
TL;DR? Here’s proof that the Bitfi has storage and that it’s been rooted. -The Bitfi boots at 20 seconds. We’re not disclosing the method yet, as there is plenty more work to be done here. If you’ve been keeping an eye on Twitter, no doubt you’ve seen the unravelling mess that is the security of...
Hacking the Bitfi. Part 2: John McAfee’s video
The unhackable Bitfi story isn't going away any time soon. Following John McAfee's tweet yesterday that he would put out a "definitive video countering all of the nonsense claims instigated and co-coordinated by BirFi's sic established, monolithic competitors in the hardware wallet space" here's ...
Hacking the Bitfi. Part 1
A large number of security researchers have taken exception to the ‘unhackable’ claims made by Bitfi and John McAfee about the security of their hardware cryptocurrency wallet. The $100K bounty offered appears to be something of sham, given it covers a very, very specific scenario. Bitfi states...