X
Tech

Challenge accepted: 15-year-old plays Doom on 'unhackable' Bitfi

Bitfi is becoming something of a joke as an "unhackable" device -- but there may be more to come.
Written by Charlie Osborne, Contributing Writer
screen-shot-2018-08-09-at-11-09-32.jpg
Source photo

Bitfi, a supposedly "unhackable" wallet for cryptocurrency transactions and trading, prompted glee and mockery over the last week.

As the company, backed by John McAfee, staunchly defended its product as completely unhackable, the mere phrase used was enough for security researchers worldwide to take the bait.

It took only a week for exploit after exploit to flood social networks, leaving the reputation of the "fortress-like" security of the $120 device in tatters.

The company may have claimed that the device's security is "absolute," but after the offer of a $250,000 bug bounty to any that could break the system -- despite the need for bounty hunters to buy the device in order to participate -- it did not take long for reports to appear of successful hacks.

Pen Test Partners dubbed the Bitfi as a "cut-down Android phone," and were able to secure root access, Oversoft discovered a suite of Baidu apps including trackers which should not be there, and another group of researchers posted Bitfi's vendor and ROM system partitions on PasteBin.

See also: 'Unhackable' Bitfi wallet circus delights security researchers with hacking challenge

Jokingly, Ryan Castellicco said that the device was poor enough that "someone will probably have Doom running on it by Friday."

Well, that prediction has come true.

CNET: This cryptocurrency-mining router got hot enough to fry an egg, so we did

15-year-old Saleem Rashid, something akin to a hacking prodigy, has demonstrated that despite claims of being unhackable, Doom runs perfectly fine on the device.

In a video posted to Twitter, the teenage hacker can be seen gleefully enjoying the retro game.

It is true that no-one has managed to take coins from the device itself yet, a point being clung to by McAfee, who is not enjoying the coverage Bitfi has managed to accumulate.

screen-shot-2018-08-09-at-11-12-01.jpg

TechRepublic: Why cryptocurrency needs to get more user-friendly to achieve mainstream success

However, it appears there may be more to this than simply baiting Bitfi.

Twitter user 'Abe Snowman,' systems engineer, said on Twitter that researchers are working on an attack against the cryptocurrency device.

When challenged by a user over the lack of coin theft, the engineer said:

"Perhaps it may have occurred to you there's a reason we are barreling down this specific path. We will be releasing details of the attack and our methodology once work has completed."

The engineer later added:

screen-shot-2018-08-09-at-11-16-49.jpg

Whether considered a party trick or a true hack, the game being installed on a device used for financial authorization which claims "fortress-like security" is still a concern.

It will be interesting to see what comes out of the party hat next.

Previous and related coverage

Editorial standards