About the talk

You may have heard of Bitfi. The one-and-only truly unhackable hardware wallet, backed by the one-and-only inventor of cybersecurity, John McAfee. They were so confident that no-one could hack it that they set up a $100,000 bounty, which quickly rose to $250,000 and finally $20,000,000.

Unhackable is a very bold claim, and one we quickly found didn’t stand up to scrutiny. It turned out to be based on an Android phone, running a couple of custom APKs. It was rooted in under a day, backdoored a few days later, and finally, a cold-boot attack was developed.

Andrew Tierney (@cybergibbons) talked about some of the social media circus, some of the ethics, and explained how the attacks actually worked for Bitfi at – Hardware Security Conference & Training, The Hague, Netherlands 2018.



Security Consultant at Pen Test Partners

Andrew has many years of experience in security, mainly working with embedded systems. As the Internet of Things trend developed, he expanded his skills into the realms of web applications and mobile applications. Blogging and documenting his findings rapidly gained him exposure, and a number of high-profile UK companies approached him to test their devices and systems.