15 Year Old Hacks "Unhackable" Cryptocurrency Wallet to Play Doom

Discussion in '[H]ard|OCP Front Page News' started by cageymaru, Aug 9, 2018.

  1. cageymaru

    cageymaru [H]ard|News

    15-year-old Saleem Rashid has hacked John McAfee's "unhackable" Bitfi wallet and used the compromised device to play Doom. There is a $250,000 bounty for anyone that can crack the device and steal the coins. Saleem Rashid didn't get the coins off the device as they are stored in the cloud, so the $250,000 bounty is still available. But he still has one of the coolest and most insecure portable Doom devices on the planet!

    Video of the old-school first-person shooter has surfaced on Twitter. Self-described adversarial thinker Saleem Rashid is credited with hijacking it -- a hacking prodigy just 15 years old. Keep in mind, Bitfi's wallet is meant to be the world's first 'unhackable' device, supposedly doubling as a secure cryptocurrency storage solution. But as we already know, this is hardly the case.
     
    AceGoober likes this.
  2. spaceman

    spaceman [H]ardForum Junkie

    So is that an impressive hack or not?
     
  3. Jim Kim

    Jim Kim 2[H]4U

    Have to wait and see if he gets charged as an adult under the Computer Fraud and Abuse Act. ;)
     
  4. Mega6

    Mega6 Gawd

    Hacking McAfee's drunken stoned wasted wallet, probably not that impressive.
     
  5. ZeqOBpf6

    ZeqOBpf6 Limp Gawd

  6. Mega6

    Mega6 Gawd

    And the point of hacking a wallet is to get the coins, which did not happen. Pretty pointless exercise.
     
    Rahh likes this.
  7. Troz

    Troz Limp Gawd

    Can't get coins from a device with none on it.

    "Whoa, how much money was in it, or what crypto was in it? @officialmcafee better pay that bounty up!"

    "None - they have yet to ship any of us a bounty device. So we are utilizing available resources until one finally shows up."

    They were getting a feel for the device.
     
  8. theBrownLlama

    theBrownLlama Limp Gawd

    Considering the amount of B.S. these days on the net, especially from the younger ones, I will wait for 3rd party verification.

    Seems like he just flashed the entire device.
     
  9. Yaka

    Yaka Gawd

    Pretty sure this kid's cred is rock solid.
     
    Makaveli@BETA and AceGoober like this.
  10. Ski

    Ski Gawd

    Haha!
     
  11. Gottfried Leibnizzle

    Gottfried Leibnizzle Limp Gawd

    He has a bright future. As for the rest of us, we'll keep plugging away at our day jobs :(
     
    AceGoober likes this.
  12. B00nie

    B00nie [H]ardness Supreme

    I bet that he didn't actually hack anything on kernel level, he just bypassed the motherboard hardware and runs the touch screen off an external device.
     
  13. RealBeast

    RealBeast Limp Gawd

    His future really depends on what he does with his talent. Living in Mom's basement and hacking video games is one sad possibility. :rolleyes:
     
  14. M76

    M76 [H]ardness Supreme

    Lol, owned.
     
  15. shspvr

    shspvr Gawd

    This is not a hack, more like uploading and executing a custom firmware or ROM directly onto the device, so who cares, as Doom can be run on a calculator.
     
  16. DeathFromBelow

    DeathFromBelow [H]ardForum Junkie

    BaghdadBob.jpg
     
    auntjemima and AceGoober like this.
  17. Mut1ny

    Mut1ny [H]ard|Gawd

    Why? Seems to be working. Oh, right, McAfee...it's apparently OK to be assholes towards him...
     
  18. c3k

    c3k [H]ard|Gawd

    McAfee: just one drug-fueled murder and everyone says he’s a bad guy... Can’t a guy catch a break?

    /s
     
  19. jpm100

    jpm100 [H]ardness Supreme

    Did he 'hack' as in penetrate to the coin data or did he 'hack' as in repurpose the device?

    Seems like a bait and switch headline.
     
  20. Biznatch

    Biznatch [H]ard|Gawd

    They already posted there was no key/coins on the device for him to hack.
     
  21. modi123

    modi123 [H]ardness Supreme

    Augmented firmware - per the tweet reading.




    So.. just steps along the way I guess.
     
    auntjemima and AceGoober like this.
  22. jpm100

    jpm100 [H]ardness Supreme

    That's a little different. If there was meaningful data, could he have gotten past the security? It's like if I found an encrypted drive, erased it and used it to store my vacation photos and then claimed I hacked an encrypted hard drive. No, I hacked (barely) a hard drive and did not hack the encryption.
     
  23. Kardonxt

    Kardonxt 2[H]4U

    From the sounds of it, yes. The tech write-up and tweets pretty much imply he got as far as he needed to prove the exploit is more than viable in a number of ways.

    He essentially kicked down the door to your house to prove it wasn't secure and left. Getting a buddy to help lift your TV into his van was unnecessary unless he was actually robbing you.
     
    KarsusTG, scojer, Meeho and 1 other person like this.
  24. Mega6

    Mega6 Gawd

    There is no proof you robbed Fort Knox without bringing back the gold. Even 1 mBTC would be convincing. This is not.
     
  25. jpm100

    jpm100 [H]ardness Supreme

    From the article it sounds like he broke into the house, set up an Xbox on the TV, and is eating their chips and drinking their beer, but the safe is still sitting in the corner untouched.
     
    AceGoober likes this.
  26. EBound

    EBound n00bie

    As someone already stated, he left the safe (the secure part) sitting in the corner untouched. He did not "hack" the device in the sense of what the reward was for.
     
  27. Troz

    Troz Limp Gawd

    There was no "safe". They have not been given the devices for the hack contest yet. They were simply getting a feel for the house while waiting for the safe to be delivered.
     
  28. Kardonxt

    Kardonxt 2[H]4U

    Sorry, I didn't mean the article, I meant his tech write-up that was posted earlier. https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/

    He outlines a few different options, IIRC one of which was using the MCU to just send the transactions wherever you want without the user noticing. In this case you don't actually need to crack the safe; the user does it for you.
     
  29. Gottfried Leibnizzle

    Gottfried Leibnizzle Limp Gawd

    The point is not what he did or didn't steal. There is much to be said for the kid's character if you go read his blog; nevertheless the thrust of the story is that a supposedly secure technology got handed its ass (and that of the CEO thereof) on a silver platter.

    By a kid.

    Who's probably smarter than you or I.
     
  30. jpm100

    jpm100 [H]ardness Supreme

    No and maybe. If you have hardware in hand, you can always compromise it to some degree. Since there was nothing there, we really don't know if it was still accessible or damaged by the process. I could see a reason to not self-brick. If the device is damaged or even if it is stolen, does making the money become inaccessible help you? The security is from it being in your possession.
     
  31. Mega6

    Mega6 Gawd

    Teenager publicity stunt, good job for him.
     
  32. Gottfried Leibnizzle

    Gottfried Leibnizzle Limp Gawd

    Then we might as well go back to hiding bullion in the mattress.
     
  33. Meeho

    Meeho 2[H]4U

    I think that is a different product.

    Look at the Ledger example above. Man in the middle attack is a huge issue with products like these.