When the passengers boarded the RMS Titanic before its maiden voyage, they believed that they were on an unsinkable ship. They weren’t, as you hopefully know. Since then, few have had the audacity to label anything as unsinkable or indestructible. That caution has carried into the technological realm as well: few have dared to label their system as unhackable. John McAfee recently did, and he did not like the results.

John McAfee

John McAfee is a security expert. He founded McAfee Associates and created the world’s first commercial antivirus software. He has worked in the past for NASA, Univac, Xerox, Booz Allen Hamilton and Lockheed, as well as running his own company. He is perhaps most famous for being the target of a murder investigation in Belize involving his neighbor. While never convicted (only suspected), he fled Belize to Guatemala, where he sought asylum. His asylum was denied and he was deported back to the US. He is a controversial figure.

The challenge

McAfee has developed an interest in cryptocurrency, which led to his partnership with crypto-wallet maker Bitfi. They wanted to prove their security at a time when crypto wallets are being hacked left and right, costing their victims millions of real dollars and driving some cryptocurrencies to near extinction. McAfee set out to use Bitfi’s security to prove that his wallet was unhackable. As an incentive, McAfee offered $100,000 to anyone who could hack his Bitfi wallet successfully. That offer was later upped to $250,000 by Bitfi.

There was a catch, of course: anyone attempting it had to purchase a Bitfi wallet for $120, which came preloaded with cryptocurrency, so perhaps this was just as much a marketing scheme. These devices are about the size of a smartphone and are operated through a touchscreen. McAfee called this device the “most sophisticated instrument in the world” with “fortress-like security” and named it the “world’s first unhackable device.” To successfully hack the wallet and claim the prize, the coins had to be taken off of the device and moved to another. This was an interesting change in stance from McAfee, who has stated numerous times before that nothing is unhackable.

Was the hacker successful?

Of course, numerous people have tried, and one may have been successful. A self-described computer geek from the Netherlands announced via Twitter that they had gained root (super user) access to a wallet. McAfee snapped back that it did not count as a successful hack and did not win the challenge, as the root user had no ability to write or modify a wallet and hence no way to move money off of the wallet. The geek then claimed the contest was a sham, since their ability to gain root access demonstrated that the system was not secure, but this person has not requested payment. In light of this vulnerability, Bitfi has offered a bounty to find other vulnerabilities.

Other vulnerabilities exposed

When the contestant claimed it was a sham, they may very well have been right, as the only way to recover the key necessary to unlock the wallet was from a device that does not store the key. Recovering the key was necessary to win the contest, as that was the only way to move the money off without tampering with the physical device, and the Bitfi wallet can be tampered with. The back can be easily removed, and someone who knows what they are doing can reprogram the device to create a backdoor, which could allow for the movement of coins.

This hacker, as well as several others, demonstrated that there is no such thing as an unhackable device. The positive in this is that the vulnerabilities were found by people who reported them and not by criminals. As long as a device is connected to the Internet, it can be hacked. While no money was paid out to the contestants, McAfee’s statement that his wallet was unhackable seems to have been proven false. Remember: never declare your system unhackable. If you do, you are painting a huge bullseye on yourself or your business, and you will not like the results.

