Avast experiment demonstrates consumer IoT devices and smartphones unlawfully used for mining Cryptocoins
At Mobile World Congress 2018, Avast, the global leader in digital security products, will be performing an experiment to raise awareness of IoT and mobile vulnerabilities by mining the cryptocurrency Monero using a smart TV. In the past year, cybercriminals have increasingly abused smartphones and IoT devices to mine cryptocoins in the background without users knowing. To experience how their own device can be infected, attendees will be invited to take part using their smartphones to mine Monero, a popular cryptocurrency among cybercriminals due to its anonymity.
Initial research by Avast shows that an army of more than 15,800 devices would be needed to mine $1,000 in Monero coins over the four days of the congress. Smartphones and IoT devices, like smart TVs or webcams or thermostats, often have very low computation power, which is bad for mining. For this reason, cybercriminals are looking to attack devices at a mass scale to maximize profit. Mining on IoT devices remains largely invisible to the consumer; unlike a PC, it’s not as noticeable when an IoT device heats up or loses performance.
“Until recently, cybercriminals were focused on spreading malware to turn PCs into crypto-mining machines, but now we are also seeing an uptick in attacks targeting IoT devices and smartphones,” said Gagan Singh, Senior Vice President and General Manager, Mobile, at Avast. “According to current data from Shodan.io, a search engine for internet-connected things, 58,031 smart devices in Barcelona are vulnerable. If each of these devices were recruited to a botnet to mine Monero at Mobile World Congress, cybercriminals could earn the approximate equivalent of $3,600, or €3,000. The costs involved in mining are so high that profit from cryptocurrency mining is very low, encouraging cybercriminals to not attack tens of thousands but millions of devices.”
The complex ecosystem of IoT devices in homes and public locations creates new opportunities for cybercriminals to compromise people’s security and privacy. In 2017, the first IoT botnet appeared, a new version of the infamous Mirai botnet, to mine cryptocurrencies. Since then, the risk of cybercriminals taking control of IoT devices to profit from cryptocurrency mining has increased. For the user, this can mean high energy bills, poor device performance and a shortened device lifespan.
However, cryptocurrency mining malware is just one of the many risks connected homes face. Another major risk is privacy threats, which rise with the number of vulnerable security cams that record our day-to-day lives and smart speakers that listen to our conversations that could be hacked. Avast today announced Avast Smart Life, a solution that addresses IoT security threats to keep people’s homes secure and their private lives private.
At Avast’s booth, visitors will have the chance to see how much the smart TV and smartphones have mined in real-time. Attendees that participate in the mining experiment with their own phone will receive a power bank, and the participant that mines the most coins will win a Samsung Galaxy S8 with the Avast Mobile Security app installed, protecting users from threats including cryptomining malware. Avast will hold the Monero mined, and will donate the final amount at next year’s Mobile World Congress 2019 to the Spanish organization PantallasAmigas, an initiative that promotes the safe and healthy use of new technologies and responsible digital citizenship during childhood and adolescence.
Mobile World Congress attendees can visit the Avast booth in hall 7, stand 7C60 to view and participate in the demonstration.
Media: Gagan Singh, SVP and general manager of Mobile at Avast, is available for briefings about the future of IoT security at Avast’s booth.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.