back to article 'Unhackable' Bitfi crypto-currency wallet maker will be shocked to find fingernails exist

A crypto-currency wallet heavily promoted as "unhackable" – complete with endorsements from the security industry's loopy old uncle John McAfee and a $350,000 bounty challenge – has, inevitably, been hacked within a week. The $120 Wi-Fi-connected Bitfi wallet is a hardware device that stores your crypto-coins and assets, and …

  1. JohnFen Silver badge

    The universal law

    The universal, immutable law of security is: if a thing can be accessed legally, it can also be accessed illegally.

    I would add a corollary: this law is doubly true of any system that claims to be "unhackable".

    1. Dave 126 Silver badge

      Re: The universal law

      > if a thing can be accessed legally, it can also be accessed illegally.

      It's your use of the word 'if' that's caught my attention. What would it take to make a physical object inaccessible to a well-resourced attacker? You might put it in a bank vault, but that means trusting the bank - and the state, since it's the police who prevent robbers with cutting equipment taking a leisurely week to attack the vault. You might put it in a safe, but that merely means that the item to be accessed is now a physical key - a physical object, which is just making the problem recursive. You could use a passcode on your safe - but beware shiny button syndrome or the micro camera in the wall behind you. And again, in a lawless state the attackers can take as long as they want to physically break the safe. You might bury it in the woods, but again that just means the attacker only needs information to access your precious item.

      1. Stoneshop Silver badge
        Devil

        Re: The universal law

        It's your use of the word 'if' that's caught my attention. What would it take to make a physical object inaccessible to a well-resourced attacker?

        If they're dedicated to getting into your secure device specifically, then there's very little you can do.

        But in most cases you don't have to outrun the bear, you just have to outrun the next person.

        1. Dave 126 Silver badge

          Re: The universal law

          Making myself an unattractive target for thieves by spending all my money on beer.

          1. teknopaul Bronze badge

            Re: The universal law

            Enterprising young hacker should have rewritten the software on the xevive to publish the password when entered, copied the encrypted data, faked a hack with incorrect data, returned the device and claimed the prize.

            No doubt John would have, to some fanfare on stage, entered the real password on the device to prove it was never hacked. Hacker gets sms with real password opens wallet, profits a cool quarter of a million.

            1. MyffyW Silver badge

              Re: The universal law

              "As I pass through my incarnations in every age and race,

              I make my proper prostrations to the Gods of the Market Place.

              Peering through reverent fingers I watch them flourish and fall,

              And the Gods of the Copybook Headings, I notice, outlast them all."

              1. hplasm Silver badge
                Happy

                Re: The universal law

                "...And the Gods of the Copyrights, I notice, outlast them all."

                FTFY

      2. Charles 9 Silver badge

        Re: The universal law

        "What would it take to make a physical object inaccessible to a well-resourced attacker?"

        No defense known to man can stop an insider. Who has to crack bank vaults and so on if I can just learn enough about you to impersonate you?

      3. JohnFen Silver badge

        Re: The universal law

        You're assuming a logical connection that I did not assert. "If a thing can be accessed legally, it can be accessed illegally" does not mean that if a thing can't be accessed legally, then it can't be accessed illegally.

        1. Charles 9 Silver badge

          Re: The universal law

          He's not. He's asserting if ONE person can access, ANOTHER can by impersonating the first, and that there is no real way to prevent this physically.

  2. VikiAi Silver badge
    Mushroom

    "Uncrackable"

    Yeah, they said that about the atom once, and look where that got us!

    1. DropBear Silver badge

      Re: "Uncrackable"

      Hardly fair to blame them for that considering the mind-boggling repulsion between the nucleus and any other proton you might consider using for said cracking - and that when they said that, nobody had any idea that neutrons existed...

  3. jake Silver badge

    "And we should all know better than to be even bother talking about it."

    Indeed.

    But laughing at it? Fair game, that others might learn.

  4. Mark 85 Silver badge

    McAfee credible?

    Really? I am shocked that his endorsement of a product might be considered a plus that product based not just on the man himself but also on the concept of "endorsement for hire" like a certain sports and actor/actresses. I daresay any celebs endorsement is just about as valuable as the paper it's printed on.

    1. IceC0ld Bronze badge

      Re: McAfee credible?

      SO secure, it IS so secure

      it will survive for .............. five - four - McAfee - Two - GONE

      ah well better luck next time, as along the immutable laws, is the one born every minute :o(

    2. Stoneshop Silver badge
      Windows

      Re: McAfee credible?

      I am shocked that his endorsement of a product might be considered a plus

      To you and me it's not, but there are millions of rubes who just know his name from the AV stuff and consider that authorative on security matters

  5. JLV Silver badge

    >McAfee – a man who makes Donald Trump's tweeting compulsion look considered and thoughtful

    Less stable(maybe, one hopes), more genius (at least at some point). More fun to be around, I’d bet and at least he can blame mind altering substances for most of his tweets.

    1. jake Silver badge

      " I’d bet and at least he can blame mind altering substances for most of his tweets."

      So can the Idiot In Chief, except his are probably the natural result of aging.

    2. james_smith

      at least he can blame mind altering substances for most of his tweets.

      Quite possibly Trump could as well. One of his doctors prescribed him a medication that's basically an amphetamine back in 1982, and he took until "no later than 1990". It would explain a lot if he's still taking them, although even if he isn't, long term ampetamine use causes lasting damage to the body.

      http://polipace.com/2018/03/01/trump-medical-records-show-worrisome-addiction-drug/

  6. Palladium

    Quick!

    We got to keep hyping up crypto more before there are no more suckers left to hook.

    1. Anonymous Coward
      Anonymous Coward

      Re: Quick!

      There's one born every minute.

  7. Anonymous Coward
    Anonymous Coward

    Crackers

    He's crackers

  8. Anonymous Coward
    Anonymous Coward

    That is some BS article!

    " The most obvious one: modifying the device so that it records and sends the key to a malicious third party. But this is excluded from the bounty. Why is this? Because the bounty is a sham."

    Really?

    Another title for you: "Unhackable device can be hacked if the hardware is modified, therefore it is worthless."

    This is so stupid I have no words. What next? "Incredible: You can die of poisoning if healthy food is mixed with poison" ?

    1. Anonymous Coward
      Anonymous Coward

      You missed the point the article was stating the fact that the device is easy to open and therefore easy to modify.

      It should have a tamper warning if opened.

      1. HxBro
        Joke

        You mean there's no sticker!

        Hacking something with a "warranty is void if broken" sticker is infinitely harder than one without, maybe I should suggest that as a upgrade to the device, you can pick them up on ebay cheap enough, if they'd have skipped the endorsement and spent the money on stickers, they'd have a MUCH more secure device.

      2. 080

        Duplicate comment

    2. Anonymous Coward
      Anonymous Coward

      re: That is some BS article!

      Awww! Well, it is the Summer Holidays so I guess you're not at school....

    3. Geekpride

      Hi John McAfee, I didn't know you read The Register.

    4. bish

      Lay off the kool aid

      First of all, you're calling out the Register's article as 'BS', but using a quote from a completely different source: the article, in that section, is quoting what Andrew Tierney wrote elsewhere. You can call bullshit on Tierney's opinions (and you'd be wrong) but you can't call bullshit on El Reg, since they're just accurately reporting someone else's (relevant and informed) opinion on the story.

      Secondly, and finally, you seem to think 'hacking' is exclusively about using code to manipulate factory standard kit. Social engineering, bugs/key loggers, rubber duckies, etc etc are presumably not 'hacks' in your world, since they don't fit your absurdly narrow requirements that hacks use only stock hard/soft ware. You'd presumably also argue that even software exploits aren't technically vulnerabilities, because people aren't supposed to use software that way. God help anyone who relies on you for tech/security advice.

      1. Anonymous Coward
        Anonymous Coward

        Re: Lay off the kool aid

        I still don't buy this definition of "hackable' (even though most people are not with me here; that's fine).

        So if this device was sold with all electronics encased in a solid block of black epoxy, suddenly it would be the bee's knees?

        Not trying to be smart (and you would say there is no chance of that happening), but I wish all "hackable" devices required modifying the hardware to gain access, like this one apparently does. I happily would settle for that for now.

        1. Francis Boyle Silver badge

          You seem to be missing

          that this is a hardware security device. Yes, I expect hardware security devices to have secure hardware.

        2. jake Silver badge

          Re: Lay off the kool aid

          AC, some of us are old enough to remember when the word "hack" included physically modifying hardware. It's not our fault that the media has perverted the meaning of the word to mean "some clueless kid ran a shell script that he found online somewhere".

    5. Cynic_999 Silver badge

      "

      What next? "Incredible: You can die of poisoning if healthy food is mixed with poison" ?

      "

      You can see that, yet you fail to see the stupidity of a food producer who sells loose items of food while claiming that their product cannot be poisoned. Planting malicious code that transmits passwords to a 3rd party is an extremely common method that hackers use to gain unauthorised access. If I can plant a backdoor in a device by gaining physical possession of it for a few minutes, then it cannot possibly be described as "unhackable." At the *very* least the case should be made such that it would be obvious if someone had opened it.

  9. Byz

    First rule of security...

    Nothing is unhackable

    Second rule of security

    Don't put it on Android !!!

    Android has so many known security holes (makes windows look good).

    1. Lord Elpuss Silver badge

      Re: First rule of security...

      Android sits at both ends of the security scale. Run-of-the-mill unhardened Android like this (and 99.9% of consumer Android devices) offer next to no security. On the other hand, some of the most secure comms handsets also run android - albeit properly hardened and probably unrecognisable to the layperson.

      1. Byz

        Re: First rule of security...

        I saw a hardened device in March (sold as very secure), it was still sending packets off to China.

        Eventually we harden it so much to stop the packets that it basically was unusable as a device :o

        1. JohnFen Silver badge

          Re: First rule of security...

          "I saw a hardened device in March (sold as very secure), it was still sending packets off to China."

          Then you didn't see a hardened device, no matter what the company's salesdroids told you.

        2. Stoneshop Silver badge
          Black Helicopters

          Re: First rule of security...

          Eventually we harden it so much to stop the packets

          Several inches of armour plating, for a start?

        3. RancidOrange

          Re: First rule of security...

          convenient<--------------------------->secure

      2. Claptrap314 Bronze badge

        Re: First rule of security...

        So why didn't Google offer these "secure Andriods" to their SREs? If Google cannot secure the device, I'm calling it unsecurable.

        1. JohnFen Silver badge

          Re: First rule of security...

          Google cant' secure them because it's unwilling to remove Google's own software. Android devices really are securable, just not by Google.

  10. Stoneshop Silver badge
    Windows

    What shoddy design is this?

    It doesn't even incorporate Secure Blockchain[tm].

    1. Anonymous Blowhard

      Re: What shoddy design is this?

      "It doesn't even incorporate Secure Blockchain[tm]."

      Exactly! If they'd securely wrapped it in a block of chain that would have frustrated their much vaunted "fingernails"...

  11. Pete 2 Silver badge

    No need to hack anything?

    If this device "holds" your digital stash, then to have it stolen means you lose your imaginary money.

    The only operation that a bad person needs to perform in order to profit from this is to steal someone's Bitfi and send a ransom note to the owner.

    Sometimes the "old fashioned" methods are the most effective.

    1. Lord Elpuss Silver badge

      Re: No need to hack anything?

      Obligatory

      https://xkcd.com/538/

    2. Steve K Silver badge

      Re: No need to hack anything?

      You can also lose the device - does that mean that you have >1for backups...?

    3. Robert Carnegie Silver badge

      Re: No need to hack anything?

      Stealing the device physically and demanding a ransom isn't hacking. A device with substantial hacking resistance still can be worthwhile to have.

      On the other hand, if this was just a cellphone and someone stole it, it would typically be findable remotely.

      iPhone has that feature; I understand it also is fussy about interference with its internal parts. I don't have one, but it seems to me that an iPhone is a better one of what this is, than this is.

    4. Cynic_999 Silver badge

      Re: No need to hack anything?

      "

      ... you lose your imaginary money.

      "

      It is no more imaginary than the bits of coloured paper or plastic in your wallet, or the magnetic ones and zeros on the HDDs of your bank's computer. Earlier this year I enjoyed a very nice holiday in a distant and exotic land paid for entirely by what you are calling "imaginary money"

      1. VikiAi Silver badge

        Re: No need to hack anything?

        In the end, even the value of gold and diamonds is imaginary - they only have value because we agree that they do. The only things that have true intrinsic value to humans are vitamins, protein, calories and shelter.

        1. jake Silver badge

          Re: No need to hack anything?

          I dunno 'bout you, VikiAi, but I'll take potable water before the four you mention.

          1. Scunner

            Re: No need to hack anything?

            Ooh, I'll play. How about breathable air?

            1. VikiAi Silver badge
              Thumb Up

              Re: No need to hack anything?

              I didn't count breathing air as it is (for the most part) too freely available on Earth to charge for (though people still manage, to a small degree, I realise, and if we can just pollute enough of it we can make it even more monetisable!).

              Potable water can, however, be valuable too. I missed that one!

  12. Anonymous Coward
    Anonymous Coward

    "There is software present that allegedly and potentially collects personal information, tracks the whereabouts of the device, and beams it off to Baidu and Adups servers in China. "

    Why is it sending data there?

    "And, yes, inevitably, you can gain root access to the device to reprogram it."

    Pretty poor security by design

  13. Tigra 07 Silver badge
    Stop

    "Although for those wondering why on earth McAfee would risk undermining his professional reputation"

    Whoa. Whoa Whoa! Stop it...Stop it... John McAfee doesn't have a professional reputation as anything other than a toilet man or bollock toad.

    1. JohnFen Silver badge

      I disagree. I think that John McAfee has a great professional reputation as a comedian.

  14. Prst. V.Jeltz Silver badge
    Boffin

    I reckon , even if that device was hardened and tamper proofed , it could be hacked by applying a gun the head of the user and using the passphrase "Hand over the goodies"

    1. Dave 126 Silver badge

      Such a device should ideally accept two pass phrases - one opens up your whole wallet as standard. A second passcode that you can enter when under duress will open it to reveal the equivilent of just $12.

      It's the digital equivilent if carrying a second wallet with a fiver and old library card to give to muggers.

      1. Charles 9 Silver badge

        "Such a device should ideally accept two pass phrases - one opens up your whole wallet as standard. A second passcode that you can enter when under duress will open it to reveal the equivilent of just $12."

        But someone who knows about duress codes would just shake you down more for, "Now the OTHER code!" Duress codes are counterproductive in that sense since once you know they exist, you assume they exist and keep torturing even if they don't exist.

        And the best counter to the wrench is to either be a masochist or a wimp...and an orphan. Either way, the wrench doesn't make you cough up (you LIKE it if you're the former, you faint if the latter), and if you're an orphan, there's no family to duress you.

        1. Prst. V.Jeltz Silver badge

          you assume they exist and keep torturing even if they don't exist.

          Great, so next time I'm mugged they will keep beating me up for not having a second wallet?

          Obviously I now need 3.

          1. Charles 9 Silver badge

            At least if you're mugged, they can be sure by stripping you of your clothes. Also makes it harder for you to call for help since a cop's first reaction may be to arrest you for Indecent Exposure.

            No such equivalent exists in the digital world because of lossless copies.

            1. JohnFen Silver badge

              "Also makes it harder for you to call for help since a cop's first reaction may be to arrest you for Indecent Exposure."

              Wouldn't that make it easier? You might not even need to call them at all, if they spot you first.

        2. Stoneshop Silver badge
          Facepalm

          Duress codes

          But someone who knows about duress codes would just shake you down more for, "Now the OTHER code!"

          "It doesn't have one"

          "Enter the OTHER CODE"

          "It doesn't have one, but if you insist". Enters the access code backwards, which wipes the unit (at that point you should consider the device irretrievably lost/inaccessible to you anyway).

          "See, it's empty. Here, you can have it"

          1. Charles 9 Silver badge

            Re: Duress codes

            "It doesn't have one, but if you insist". Enters the access code backwards, which wipes the unit (at that point you should consider the device irretrievably lost/inaccessible to you anyway)."

            At which point you'really shot for being expendable and a prick since you'd be doing something he'd ALSO know about and warn against.

            1. jake Silver badge

              Re: Duress codes

              Let us know when this happens to you in the RealWorld, ok Chuck? Until then, this fantasy scenario has about as much likelihood of playing out as the plot of any given James Bond movie.

              1. Charles 9 Silver badge

                Re: Duress codes

                I'm pretty sure it happened in China and Russia at some point in the past, although of course they'll never admit it. Put it this way. The enemy isn't stupid, and "we have ways of making you talk."

      2. c1ue

        Given that cryptocurrency wallets are open to all to view - only the most idiotic physical attackers would not check the wallet's contents.

        A physical attacker going after a cryptocurrency wallet is almost certainly knowledgeable about what he's going after.

        The 2 codes presumes an attacker who is randomly selecting victims *and* just barely cognizant of cryptocurrencies and technology. Or in other words, a straw man attacker.

        I will also add that cryptocurrency wallets are delightful from a physical attacker point of view in that they combine the hostage and the ransom all in one. No more messy negotiating with 3rd parties.

        I would be very nervous if I held any significant amount of cryptocurrency in a nation with kidnapping for profit...

        1. Cynic_999 Silver badge

          "

          Given that cryptocurrency wallets are open to all to view - only the most idiotic physical attackers would not check the wallet's contents. <...> I would be very nervous if I held any significant amount of cryptocurrency in a nation with kidnapping for profit..."

          Yes, you can easily find out how much cryptocurrency a wallet with a certain ID holds. But how do you find out who owns that wallet? And how do you find out the ID of a wallet a particular person has? If you were to buy something from me using BTC, I would create a new wallet and transfer the amount you want into that wallet before transferring it to you. You can trace both transactions, but for all you know the fat wallet belongs to a BTC vendor that I bought the BTC from to pay you.

    2. Dave 126 Silver badge

      Your post is in essence the above-linked XKCD 'Security' , aka '$5 Wrench', as any real blue badged boffin would know! ;)

  15. Milton Silver badge

    Perfect vs Trade-offs

    Surely we all know there is no such thing as "perfect" security (or "perfect" anything), and that phrases like "100% unhackable" are doomed to disproof. In IT, effective performers have long since learned that striving for perfection is to waste time, when in truth all we should ever have aimed for is "good enough". Thus knowing "what good looks like" is an important ability—and, by the bye, is vital for both customer and developer.

    Security is no different. There is no Perfect. There are only the trade-offs of money, time and expertise invested in protecting stuff, versus the consequences of its compromise, all stacked against the capability and intent of potential adversaries.

    Example: You've got a good, solid garden shed. Breaking through its doors or windows would cause so much noise that the potential burglar would be discovered and arrested. The only way in, then, is through the padlocked door. You've used security heads and decent fixings, so the burglar has to open or destroy the lock. That's his only option. Let's assume that with a glance through the window, the burglar can quickly assess the value and desirability of what's inside.

    Now if the shed contains tatty old gardening equipment and a 10-year-old mower and rusty tools, you may fit a cheap padlock that acts as a visible deterrent. For the sake of dragging away a heavy old mower he'd only get £20 for, the burglar simply can't be bothered to spend fifteen minutes hacksawing off the lock. There are better pickings along the street. Move on.

    Suppose instead you have a brand-new beautiful titanium and carbon fibre top-end mountain bike worth £10k in there. Now you're gonna think harder, and spend some time finding a better padlock. One of the things you'll consider is "How difficult will it be to break this lock?" which also amounts "How long would it take?" You cannot buy a perfectly unbreakable lock. But you can find one which, for a price, would take a long, long time, special tools and great effort to bust through. Our friend the burglar may now by much more motivated to get into the shed, and he may come back with a serious set of bolt cutters (thus, intent and capability are both markedly greater) ... but if he's still chopping away futilely at sunrise, your "good enough" security has done its job.

    In fact, all security is like this. There is no absolute unbreakability, but we can invest in a level of difficulty which is appropriate to the value of the asset and the capability and intent of adversaries. If you're using an encryption scheme with larger key sizes, for example, you are not guaranteeing that your messages will never be broken, but you are ensuring that they'll remain secret for, say, 50 years. (Notwithstanding quantum possibilities, which are driving some paranoid agencies to deploy high-tech one-time pads again.)

    The Bitfi trips over its silly and unrealistic claims, proving once again that marketurds are awful liars. It would have done better to emphasise why its security made the product a better option—but not claim a perfect one. Possibly the tsunami of scorn would have been averted.

    1. Charles 9 Silver badge

      Re: Perfect vs Trade-offs

      "In fact, all security is like this. There is no absolute unbreakability, but we can invest in a level of difficulty which is appropriate to the value of the asset and the capability and intent of adversaries. If you're using an encryption scheme with larger key sizes, for example, you are not guaranteeing that your messages will never be broken, but you are ensuring that they'll remain secret for, say, 50 years. (Notwithstanding quantum possibilities, which are driving some paranoid agencies to deploy high-tech one-time pads again.)"

      But the problem with your idea is that cryptographic warfare can easily get VERY asymmetric. Like you said, what if the US actually has a working quantum computer hidden under its data center in Utah? Then most every encryption out there is already broken wider than open, and practically all the post-quantum algorithms out there have weaknesses that can be exploited to break them. Even the one-time pad is not immune. You simply have to take your quarry by surprise and they won't have a chance to destroy the pad before it's used up, Even if they do, you've disrupted their communication channel, meaning they have to get another, opening up avenues for interception and doubling.

      In the end, cryptographic warfare is a lot like a siege. You can only hold out for so long. Problem is, many of your adversaries are either patient enough to wait you out or resourceful enough to overwhelm you.

      1. JohnFen Silver badge

        Re: Perfect vs Trade-offs

        "In the end, cryptographic warfare is a lot like a siege. You can only hold out for so long"

        This is a key point that escapes a lot of people. The proper use and expectation of cryptography isn't that your encrypted data can never be cracked. It's that it should take enough time and money to crack it that by the time that happens, the data is no longer useful.

        1. Charles 9 Silver badge

          Re: Perfect vs Trade-offs

          True, plenty of data is ephemeral, but a lot isn't as ephemeral as you think and can easily become Six Lines. And the enemy, like I said, is either patient enough to wait you out or resourceful enough to beat the clock.

  16. Cuddles Silver badge

    Hmm

    "The Bitfi bods were also lampooned for claiming, publicly, that their device doesn't have any storage, prompting people to post images of the actual chip within the device that, you know, stores the firmware."

    Forget needing pictures of the chip, the entire point of the device is to store your pretend money. Claiming it doesn't have any storage is literally stating that it's incapable of doing the only job it's supposed to.

  17. J.G.Harston Silver badge

    6580?

    So, an 80-bit 6502?

    1. Stoneshop Silver badge

      Re: 6580?

      6502 = 8 bit, 64k address range.

      6580 = 40 * 8 bit, 40 * 64k, or 320 bit, 2.136E96 address range

  18. pogul

    Money talks, bullshit walks

    Isn't that a quote from Spinal Tap?

    1. 404 Silver badge

      Re: Money talks, bullshit walks

      No, that's Life.

      1. Huw D
        Trollface

        Re: Money talks, bullshit walks

        "That's Life"?

        You mean Esther Rantzen and her curious shaped vegetables?

        Who'da thunk it!

        1. dajames Silver badge

          Re: Money talks, bullshit walks

          You mean Esther Rantzen and her curious shaped vegetables?

          Vegetables? I had some idea they might be teeth ...

  19. This post has been deleted by its author

    1. Androgynous Cupboard Silver badge

      Re: What about that Wi-Fi part?

      You've heard of TLS? That's precisely the issue that properly implemented TLS is designed to avoid. I have no idea of said device uses TLS of course.

  20. DougS Silver badge

    Business plan

    1) Create super cheap device using off the shelf parts, enabling high margins with minimal design costs

    2) Announce to the world that it is unhackable, challenging security professionals to hack it

    3) Sell hundreds of them to security researchers who want in on the bounty, plus probably thousands more to amateurs or fools from the publicity

    4) Close up shop after the sales dry up, no more company means no payouts need be made

    1. usbac

      Re: Business plan

      You forgot part 3b:

      3b) Make the rules of the so-called bounty program so razor thin that you can wiggle out of paying the bounty.

  21. regbadgerer

    Patch for a weakness that doesn't exist... ROFL!

    "However, if such a weakness is discovered, we already have a patch to fix it"

    How would you have a patch for it if it doesn't exist? If it does exist, roll out the patch. If it doesn't, stop claiming you've got a patch for it.

    Surely these people are aware how absurd their claims are - they must basically just be going after the bottom 10% of the market in the hope of making a little profit on the few devices they ship. Morally not dissimilar to a 419 scam.

  22. HTDutchy

    I have the ultimate answer but no one is allowed to get it until they are dead.

    ""At this time, we have no evidence whatsoever that the claims being made by these individuals are true," Khesin added. "However, if such a weakness is discovered, we already have a patch to fix it so that it would become impossible to do indefinitely."

    We're told Bitfi will only deploy the patch if the bounty is claimed."

    So you have an awesome security patch... and you are a security based operation... yet you don't release it?

    Oh wait, there is no software on the device so using the same magic by which the device is running, the patch will appear magically when it's needed and will block the evil wizards from getting their filthy hands on their money.

    More marketing bull and professional amateurism if you ask me.

    I think we'll hear about this company again very soon, either because they are being sued or have gone bankrupt.

  23. Anonymous Coward
    Anonymous Coward

    I made an unhackable device

    It worked flawlessly, I simply rotated the device through five dimensions ... trouble is, I can't find it now. Anon of course, in case it turns up on your desk.

  24. Stuart Halliday

    "Unhackable", sounds like "Unsinkable".

    We all know how that went...

  25. el_oscuro

    McAfee

    Prior to going to Belize for a vacation, we checked travel advisories from the State Department. For Belize, they had issued warnings for numerous McAfee sitings.

  26. fidodogbreath Silver badge

    Perhaps it's a feature, then

    "At this time, we have no evidence whatsoever that the claims being made by these individuals are true," Khesin added. "However, if such a weakness is discovered, we already have a patch to fix it so that it would become impossible to do indefinitely."

    The bug doesn't exist, but we've already fixed it.

    All right, then.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019