快譯：邁克菲所稱的「不可撼動的」比特幣錢包被黑客入侵

08-21

John McAfee threw down

the gauntlet last week when claiming his newly-created Bitcoin wallet, Bitfi,

was 「unhackable.」 It took security researchers less than a week to hack it.

當邁克菲聲稱他新創造的比特幣錢包Bitfi「不可撼動」時，安全研究人員花了不到一周的時間就破解了它。上周約翰邁克菲隨後放棄了這一挑戰。

As of yesterday, a Dutch security researcher known

as 「OverSoft」 claimed to have root access to McAfee』s unhackable wallet. In a

tweet, the researcher(s) said:

截至昨天，一位名為「OverSoft」的荷蘭安全研究人員聲稱root了邁克菲不可撼動的錢包。在推文中，研究人員說：

Short update without going into too much detail

about BitFi:We have root access, a patched firmware and can confirm the BitFi

wallet still connect[s] happily to the dashboard.

關於BitFi的簡短的更新：我們有root訪問許可權，修補後的固件，同時可以確認BitFi錢包仍然無察覺的連接到展示板。

There are NO checks in place to prevent that like

claimed by BitFi.

沒有任何BitFi聲稱的那種檢查，防止如上事情的發生。

BitFi didn』t immediately respond, but a later

tweet seems to confirm the security breach. That said, Bitfi didn』t confirm

OverSoft — or anyone else — had actually breached the system. We』ve reached out

for comment, but Bitfi hadn』t responded as of this writing.

BitFi沒有立即回復，但後來的推文似乎證實了安全漏洞。也就是說，Bitfi沒有證實OverSoft - 或任何其他人 - 實際上已經攻陷了該系統。我們已經聯繫過Bitfi要求解釋，但Bitfi在寫這篇文章時沒有回應。

Bitfi CEO Daniel Khesin then seemingly sent out a

distress call of sorts, claiming 「we need help.」

Bitfi首席執行官Daniel Khesin隨後似乎發出了各種各樣的求助電話，聲稱「我們需要幫助」。

Dear friends, we』re announcing a second bug bounty

to help us assist potential security weaknesses of the Bitfi device. We would

greatly appreciate assistance from the infused community, we need help. Here

are the bounty conditions: http://bitfi.com/bounty2

Thank you, Daniel Khesin CEO」

親愛的朋友們，我們宣布第二個漏洞獎勵，以幫助我們幫助Bitfi設備修復潛在的安全漏洞。我們非常感謝來自社區的幫助，我們需要幫助。以下是賞金條件：http://bitfi.com/bounty2

謝謝，首席執行官Daniel Khesin 「

Things only got weirder from there, with the

original hackers claiming Bitfi had no intention of paying the $250,000 bug

bounty. 「It』s pure marketing,」 OverSoft said.

事情突然從那裡變得更奇怪，最初的黑客聲稱Bitfi無意支付250,000美元的蟲子賞金。「這純粹只是個營銷手段，」OverSoft說。

Also of note is that OverSoft hacked the device

without actually owning or possessing one. This is kind of a big deal, as the

device costs $120, plus shipping, and may not actually be needed.

另外值得注意的是，OverSoft在沒有實際擁有或持有設備的情況下攻擊了該設備。這是一個大問題，因為該設備成本為120美元，加上運費，實際上可能並不需要。

You don』t need a BitFi device to run a BitFi

wallet. I repeat: there』s nothing in that device that is require for the BitFi

app to function. There』s NO secure element. They could』ve released it on the

Play Store as an app.

您不需要BitFi設備來運行BitFi錢包。我再說一遍：該設備中沒有任何東西需要BitFi應用程序才能運行。沒有安全組件。他們可以將其作為應用程序在應用商店中發布。

Currently, we』re in a state of limbo. McAfee

argues that gaining root access doesn』t constitute a hack, and that the hacker

needs to extract money from the wallet in order to change his mind. By

definition, though, OverSoft certainly hacked the wallet by gaining access to

the root folder directory, thus allowing him to run keyloggers, patch the

software, and do all sorts of nefarious things, if he were so inclined.

目前，我們處於不穩定的狀態。邁克菲認為，獲得root許可權並不構成黑客攻擊，黑客需要從錢包中提取資金才能改變他的看法。但是，根據定義，OverSoft通過訪問root文件夾目錄肯定會破解錢包，從而允許他運行鍵盤記錄器，修補軟體，並做各種邪惡的事情，如果他有如此傾向的話。

We』ve reached out to both Bitfi and OverSoft and

will update this piece as needed.

我們已經聯繫了Bitfi和OverSoft，並將根據需要更新這篇文章。

STORY BY Bryan

Clark

我的幣乎：幣乎 - 好文有好報！

我的支點：支點-幣圈投資看支點-下載支點APP-關注支點社區