Less than two weeks after Bitfi posted a $100,000 bug bounty, it appears that researchers at Pen Test Partners may have cracked its firmware to the point where they were able to get the wallet to play a short clip.
This all started when Andrew Tierney, a security consultant working at the company, tweeted about entering factory mode on the Bitfi hardware, revealing that there was an Android-based debug bridge on the device.
https://twitter.com/cybergibbons/status/1024214165555240960
After this first step, Bitfi CEO Daniel Khesin sent out an odd tweet calling on the community for help, with a link to new rules for a separate bug bounty that now pays $10,000.
https://twitter.com/Bitfi6/status/1024736244067172358
This may be a strange coincidence, as this new bounty appears to be focused on the firmware of the device. It was posted on August 1st, a day after the consultant got into factory mode.
An update posted by Pen Test Partners shows that the team of researchers has managed to boot into a hacked version of Bitfi’s firmware and get it to play a short video clip that they presumably stored on the device’s eMMC chip.
This all happened despite Bitfi chairman John McAfee’s cl...
This article appeared first on Cryptovest