If the security community could tell you just one thing, it’s that “nothing is unhackable.” Except John McAfee’s cryptocurrency wallet, which was only unhackable until it wasn’t — twice.
Security researchers have now developed a second attack, which they say can obtain all the stored funds from an unmodified Bitfi wallet. The Android-powered $120 wallet relies on a user-generated secret phrase and a “salt” value — like a phone number — to cryptographically scramble the secret phrase. The idea is that the two unique values ensure that your funds remain secure.
But the researchers say that the secret phrase and salt can be extracted, allowing private keys to be generated and the funds stolen.
Using this “cold boot attack,” it’s possible to steal funds even when a Bitfi wallet is switched off. There’s a video below.
on a completely unrelated note, here is a @Bitfi6 being cold boot attacked.
it turns out that rooting the device does not wipe RAM clean. who would have thought it!?
— Saleem “Unhackable”