That is at least, according to one Twitter user, going by the handle Cybergibbons. The man behind the account is Andrew Tierney, a security consultant at Pen Test Partners – a penetration testing and cybersecurity company. Tierney alleges that the circuitry used in McAfee’s Bitfi wallet is the same as that used in cheaper smartphones, Tierney also divulges that there is no secure element present within the device.
Tierney further accuses the Bitfi wallet of having no FCC ID on it, a certification that radio frequency devices require before being marketed or sold in the US:
The Bitfi we have received has no FCC ID on it, no mentioned of FCC compliance anywhere.— Ask Cybergibbons! (@cybergibbons) July 30, 2018
As an intentional emitter in the 2.4GHz band, not using a sub-assembly, this sounds like it shouldn't be for sale in the US.
Is my understanding here correct?
Another technically savvy user jumped in on the analysis of the device and discovered that the board may have had some components stripped from it.
I'm in agreement with this - it does look like components may actually have been removed from the Bitfi board.— Ask Cybergibbons! (@cybergibbons) July 30, 2018
It seems stupid, but manufacturers probably would strip components from the board if they can get any value out of it. https://t.co/UQ2yskDjRT
While Mcafee has been uncharacteristically shy in response to these allegations, Bitfi got stuck in and responded to Tierney, after a Twitter back and forth between the two, Bitfi finally challenged Tierney to hack the wallet personally:
Evil maids, WiFi pineapples, server attacks, just hack it already and collect your $100,000.— Bitfi (@Bitfi6) July 30, 2018
Mcafee has understandably backed up his claim by offering a bounty, with a massive 100k to the first person to hack it; Interestingly enough so has Tierney… for a significantly lesser amount.
Here's our Bitfi bounty:— Ask Cybergibbons! (@cybergibbons) July 30, 2018
Come up with any viable attack against a Bitfi that doesn't involve beating the phrase and seed out of a user.
Take it to the media. We can help you with this.
The bounty in question has now reached $1100 and is growing by the hour. So far, no-one (Tierney Included) has been able to compromise the Bitfi wallet.