Here is the company’s side of the story, including some clarifications regarding the storage model the device uses and insight into how its software works to prevent the siphoning of private keys from memory.
Cryptovest: Can you walk me through what’s been going on with the hackers at Pen Test Partners?
Bill Powell: The thing is that the company right now has two bounties. One is for a quarter-million dollars, which demonstrates a situation in which, let’s say, somebody steals your device, and the question is, “Can we get your money or not?” That is what it insinuates. That is a very important attack… And we’re the only company offering this kind of bounty, because our competitors know that if they send a wallet with coins to an experienced hacker, they’ll get those coins out in 15 minutes.
And then we have a second bounty which is designed to simulate a man-in-the-middle attack and that one awards $10,000. We still want to see if it’s possible to do it and see what kinds of ideas they [hackers] can come up with. In that bounty, it simulates a situation in which somebody intercepts a device being shipped to you or something like that, modifies it, and you would start using it without being aware of it transmitting information to the attacker whenever you’re typing in your secret phrase and salt. So, you put in your credentials and, without your knowledge, the wallet sends information to the attackers.
Nobody has ever come forward to claim either of these two bounties, ever. And these guys [Pen Test Partners] are basically posting random images with no proof, no method, no evidence, nothing whatsoever.
I mean, we reacted. We literally sent them messages saying, “If you have done this, please send the device to us so that we can check and pay your bounty.” And they just said, “Oh, we’re not interested in a bounty. We’re not interested. Give that money to charity. We don’t want it. We just want to do this.”
Who says that? Who would do that? And then we said, “OK. If you’re not interested in the money, do it [send the device] to help thousands of people who use the wallet.” I mean, if you don’t care about money, you obviously care about people who’s safety may be at risk. You demonstrated something that illustrates an attack, so shouldn’t you send it to us so we can immediately fix it and address it to see the way that the attack works?
We push updates to devices, so that when we discover a weakness, we can fix it rather quickly by pushing it out to our users.
It is mind-boggling, let’s say, that the media has picked up on these tweets from these random people without ever presenting any evidence or proof of any kind, and took it as fact and just posted articles all over the world saying the device has been hacked!
A quarter-million dollars certainly doesn’t just grow on trees, and a bounty is a very serious thing. If someone actually does this, and we don’t pay the bounty, no one will ever trust the company again.
You can’t just not pay the bounty. You’d completely ruin your reputation forever. You have to pay the bounty. It’s very serious.
The way that our device works is completely different from every other device, because other products store your private keys and keep them outside of the computer. But if they’re stolen, the seed and all the private keys are there and a hacker could get to them.
Our device does not store private keys. Our device generates them on the spot. So, it doesn’t store the data. That is the big innovation. A lot of people don’t really understand what we define as a really unique and sophisticated solution.
You put in your own phrase, and with that phrase, our algorithm calculates all your private keys for whatever transaction you’re doing - whether it’s Ethereum, Bitcoin, or whatever. [After that], the private key’s gone.
It persists in memory for a short amount of time. We try to get it down to a few seconds, and if your device is seized or stolen, an attacker or whoever takes it is going to find nothing in memory.
We think that if the guy was able to retrieve the private key from the device or something like that, it would have to have been done on a rooted device. But if you root a device, you have to restart it, and when you restart it, it wipes the RAM clean.
That means that there’s nothing in the memory anymore. And that’s why I think that he’s not releasing any data, because he knows that it’s a rooted device and it’s not a real-world attack.
It’s not something that can happen to an actual customer because if you steal a customer’s device… If you root it first, then it will wipe the memory clean. How will you get the private key even if you were to, let’s say, steal the device like 30 seconds after they use it?
It’s just, really, a remarkable situation. It seems like what happened was that these people got, just, triggered by the fact that [we made] this claim of “unhackable”. It got to this whole thing of, “What’s really the definition of ‘unhackable’?”
To them, it seems that a hack is anything where you modify the function of the device, whereas we are saying that a hack is where you are able to steal users’ funds. That is what a hack is.
We never meant to upset anyone. We just kind of thought we were true to our language [with] “unhackable”. We just thought that [it’s correct because] there’s just nothing to hack because the device doesn’t store data!
If the device doesn’t store data, you have nothing to hack. How can you hack something when there’s nothing on it?
That’s where we were coming from. We were not trying to upset all these hackers who see us as this challenge, where we’re challenging them to create this uproar in the hacker community where they’re like, “Oh my God, they’re saying ‘unhackable’. Nothing is unhackable!”
And also, I can tell you this: Right before we launched, we sent the device to John McAfee, and after he played with it and looked at it, he reached out to us and said, “Yeah, this is the first time in my life that I agree that something is unhackable.”
He’s famous for saying his whole life that everything is hackable, all systems are hackable, and he’s obviously a cybersecurity guy who kind of invented the whole antivirus category.
When we saw that, it gave us additional confidence because this is an unhackable wallet because it doesn’t store anything. It doesn’t store your data.
CV: I’ve been in the cybersecurity community myself for quite a few years. Unfortunately, I haven’t had a look at the device since I don’t have a lot of time to look at eMMCs, ICs, and other stuff like that anymore. But I do know that there is an eMMC chip on the device that stores information on a permanent basis because that’s flash memory, not RAM.
If I were to assume something, I would assume that the operating system behind the device is stored on the eMMC. Is that correct?
BP: Of course, of course.
CV: So, it has to have some storage, but it’s not storing the private keys. That’s what you’re telling me?
BP: Exactly, yeah. I mean, obviously, it has to have the memory to have an operating system that you could run on the device.
CV [interrupting]: From what I’ve seen, the hackers—from all the pictures that I’ve seen, because I’ve seen a lot of pictures of the device and even have an entire archive… And I’ve tried to contact them, by the way. I’ve tried to contact Pen Test Partners. They did respond to me. They said that they are not willing to speak to the media at this time. And I said, “OK, fine. You guys reached out to me, and we’ll talk to you when you want.” And that’s about it.
Anyway, back to the point. Uhm.. I do remember them allegedly saying that there was a key that remained in RAM for seven to fourteen hours. I did find that claim a little bit dubious, but it’s quite possible…
BP: Look… First they said minutes, then they said seven hours, then they said fourteen hours. How can we believe anything that they say? They don’t present evidence. They don’t present anything…
CV [interrupting]: Right. Those were just tweets. There wasn’t a picture. There wasn’t anything attached to that. Which is why, when I covered it, I said that they allegedly discovered it, because that’s what they said. I’m just presenting what they said.
I do understand your accusations on the media and I do find myself guilty of that, too. I covered it with a certain angle, but I didn’t think it would be fair without contacting you as well.
BP: The truth is that if the key does persist in memory for fourteen hours, number one: that is infinitely better than having it in the device permanently. The second thing is that, obviously, we can push updates to users. For example, an update can clear the RAM with a memory dump to make sure that the data doesn’t stay longer than a second.
We need people to recognize that we just launched like two months ago. Other companies have had way more issues a year or two into their existence than we have had at the very beginning.
And the thing is that we have no evidence whatsoever that the keys stay in RAM for several hours or anything like that.
CV: Well, I would imagine that garbage collection would come a lot sooner than that. I mean, I do remember and I have seen some evidence that your device is running on an Android back-end. And Android’s garbage collection [a process that consolidates pieces of memory that are no longer needed] is pretty frequent. It happens quite often.
BP: It’s a heavily-modified Android. It is very unlikely that [the keys] stayed in there for hours. In any case, we’re continuously in development. For example, we pushed out an update on Thursday [August 9] evening at the DEF CON conference because all these hackers were basically interrupting and coming out to the media… So, it’s actually a rather simple process that flushed the RAM and do a memory dump before it even gets to garbage collection.
There’s a lot of things that we’re doing. I can take a picture of something and show a certificate on Twitter that I am the emperor of China. It just isn’t the truth, right? And then the media picks up that story and says, “We have evidence that Bill is the emperor of China!”
CV: This is the problem, and you have to understand, that the media tends to be English [or Journalism] degrees. They don’t tend to be people who have cybersecurity certifications or anything like that.
BP: I understand, but any journalist would at least contact the company. “They’re saying this. What are you saying?”
They just ran with this post and [...] just kind of took those random images and how did we know that all these people weren’t paid by a competitor to do this? Why are they coming after us so aggressively on Twitter?
And if you look at the guy who’s been posting all this [Cybergibbons]. The guy posts something every two seconds, 24 hours a day, like he doesn’t sleep or something. If somebody had a real job in cybersecurity, they wouldn’t have so much time to spend on Twitter. Don’t you think?
CV: Well, he did say that he is a voice for the rest of the engineers that are working on [hacking the Bitfi device]. So, he would be like the guy who announces whatever they’ve actually managed to accomplish. It isn’t unheard of.
BP: OK, so it’s a huge team apparently working on it. And after all this work, not a single person has come forward to claim either of the two bounties. I mean, does that make sense to you?
CV: They did say that they wanted the funds to go to charity or something like that. I’ve seen things like that; you’ve repeated it to me. But the fact that they didn’t send the device would leave a few doubts.
BP: We will definitely send the money to charity if they want, but just send the device so we can see that it does this. We don’t think that anyone is going to be able to claim the quarter-million, but at least the $10,000. Sure, why not?
I would appreciate it. Probably, what they’re doing to the device are all kinds of different party tricks but not real-world attacks.
CV [interrupting]: Sure, but it’s rooting the firmware, though. And I’ve seen another teenager that managed to root the firmware and run DOOM on the device.
If they manage to do that, I think that one of the big dangers, in this particular situation, would be, for example, if they can’t remove the cryptocurrency that’s in the wallets at that point in time—because you can’t do that by rooting the firmware—you can introduce arbitrary code and give it to somebody else.
And they’ll store their cryptocurrency…
BP [interrupting]: They have not been able to demonstrate that yet. The thing is this: The way that our device works is that if you upload anything to the firmware - any other code - it will no longer sync and function with our dashboard, because [...] when you first receive it, you have to sync it so that it interacts with the dashboard where you view all your balances and money online and then you approve transactions on your device.
The dashboard is communicating with the device. So, if someone modifies the digital signature of the device, it will no longer sync with our dashboard. It will no longer work. Period.
What will happen is that if somebody receives a device with modified firmware, the digital signature will not match and it will not connect with our dashboard.
No one has been able to demonstrate that they can do this yet. Gaining root access has not accomplished anything as far as any real-world attack. Think about it: They got root access but we have ensured - because of the way that the device connects to dashboard - that it basically works through the same encryption as Bitcoin. It’s almost like a Bitcoin private key.
The device has to have a specific digital signature to sync. If it doesn’t have it, it won’t connect.
CV: OK, so you’re talking about something like an MD5 hash or something that has to happen so that the server can validate that the device is using the authentic software provided by Bitfi?
CV: Alright. That’s what makes sense to me.
BP: This is why none of [the hackers] have been able to successfully do this, except do all these party tricks. You gained access, you upload something else to it, and it’s no longer a Bitfi wallet. What is a Bitfi wallet built on? It’s built on a small tablet.
They’re calling it a phone. It’s not a phone. It’s a very small tablet and at the time that we were developing this, the smallest tablet on the market was like five and a half inches or five inches. We wanted to go smaller, so we had to make use of all the parts, but we obviously can’t make a call on the device. It doesn’t even have an earpiece or speakers!
So, it’s a small tablet… The moment that you modify the firmware, it becomes something else. Other wallets are storage devices. All they do is store your private keys.
Our wallet is a computing device - an actual small computer - that calculates private keys. So, in our case, of course you can play DOOM on anything with a CPU and a screen. Any computer with a screen can be modified. You could literally take any electronic device and turn it into something else. But if you turn it into something else, it’s no longer a Bitfi wallet, so you could play DOOM on it and take advantage of a CPU and a screen. But what does that have to do with it? It’s no longer a Bitfi wallet. No one can use it as a Bitfi wallet.
It’s just completely absurd. What they’re showing is just basically party tricks but no actual evidence of an actual real-world attack that they could present or send to us. Yeah, we will happily send money to charity if they can demonstrate real evidence like a real researcher showing that here’s a method and here’s how other people can replicate this…
Given that, it’s very clear that the media just kind of went completely ballistic on this.
CV: [Regarding the reason why Bitfi got so much media attention] The “unhackable” claim, I think, is something that warrants a lot of skepticism. And I think that [...] what’s going to happen after making such a claim is that people are going to jump at any opportunity to disprove it. And even if they don’t completely disprove it, everybody gets all excited when someone does a very small modification or something.
BP: Yeah, well, we really didn’t expect that kind of reaction.
CV: That was quite predictable. I saw it coming when you guys first announced your wallet. It’s just the way the world works.
BP: It’s too bad. Negativity is not good [...] and that’s potentially something holding us back. It’s not a good thing.
CV: One thing that I’d like to [ask] is… Do you still believe that it’s OK to purchase a pre-owned wallet?
BP: At this time, we decided to announce and tell people not to do that until we learn more and investigate this more. We did post a warning on our website that says you shouldn’t do this until we explore this further.
We saw all these people making claims, so we want to see the data because people are making claims. We don’t want to put end users into any kind of unnecessary risk, so at this time we’re warning users not to do that until we collect more data and learn more.
We may again say that it’s OK once we get more data.
CV: Alright. I saw that you guys had that on your website and it just didn’t appear anymore.
BP: Yeah, and now on the homepage, there’s a warning there that specifically advises users not to do that.
It’s worth noting that about a day after we held this interview with Mr. Powell, Andrew Tierney from Pen Test Partners - the company that penetration-tested the wallet - posted an announcement from the team on Twitter refusing to engage with Bitfi any longer.
The team also said, “We are more than happy to demonstrate the attacks to a journalist.”
When we had previously contacted Pen Test Partners on August 8, we received a prompt reply from marketing manager Joe Bursell, saying, “At the moment we feel it is too early to comment directly with the press.”
We stand by our offer to arrange an interview with Pen Test Partners with the same level of flexibility and respect that one would expect from a publication whose ultimate goal is to pursue objectivity.