UPDATED 21:54 EST / JANUARY 09 2018

Hijacking for cryptocurrency mining: coming to a public Wi-Fi hotspot near you

Connecting to public Wi-Fi networks has always come with a certain level of risk, but in a new twist, the next time you connect at your local cafe, your device could be hijacked to mine for cryptocurrencies.

Initially published as a proof of concept but possibly now being used in the wild, the “CoffeeMiner” exploit uses public Wi-Fi networks to inject cryptocurrency mining scripts in the browsing sessions of anyone connected to the Wi-Fi point.

The attack works using a “man-in-the-middle” method in which the attacker sends spoofed Address Resolution Protocol messages to the targeted network using the “dSniff” library. Once access has been obtained, the attacker can intercept all traffic on the public network and then use Mitmproxy software to insert JavaScript into the web pages visited by users.
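From the defender's side, the ARP spoofing step described above leaves a visible trace in a client's neighbor table: the gateway's IP suddenly resolves to a different MAC, usually one that already belongs to another host on the network. The following check is an added example, not code from the CoffeeMiner project or the article; the `ip neigh` samples, the addresses and the function names are constructed for illustration, and 192.168.1.1 is assumed to be the hotspot gateway.

```python
import re
from collections import defaultdict

# Constructed samples of Linux `ip neigh` output (not captured from a real network).
SAMPLE_BEFORE = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:00:00:17 STALE
192.168.1.42 dev wlan0 lladdr aa:bb:cc:00:00:2a REACHABLE
"""
SAMPLE_AFTER = """\
192.168.1.1 dev wlan0 lladdr AA:BB:CC:00:00:2A REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:00:00:17 STALE
192.168.1.42 dev wlan0 lladdr aa:bb:cc:00:00:2a REACHABLE
192.168.1.77 dev wlan0  FAILED
"""

# Unresolved entries (FAILED/INCOMPLETE) carry no lladdr and are skipped.
NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9A-Fa-f:]{17})\s", re.M)

def parse_neigh(text):
    """Return {ip: mac} with MACs lower-cased for comparison."""
    return {ip: mac.lower() for ip, mac in NEIGH_RE.findall(text)}

def arp_spoof_findings(baseline, current, gateway):
    """Heuristic indicators of ARP cache poisoning aimed at the gateway."""
    findings = []
    old, new = baseline.get(gateway), current.get(gateway)
    if old and new and old != new:
        findings.append(f"gateway {gateway} changed MAC {old} -> {new}")
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        # One MAC answering for the gateway and another host is the MITM signature.
        if gateway in ips and len(ips) > 1:
            others = sorted(i for i in ips if i != gateway)
            findings.append(f"MAC {mac} answers for gateway and {', '.join(others)}")
    return findings

if __name__ == "__main__":
    before, after = parse_neigh(SAMPLE_BEFORE), parse_neigh(SAMPLE_AFTER)
    for line in arp_spoof_findings(before, after, "192.168.1.1"):
        print("ALERT:", line)
```

Both indicators are heuristics: a gateway failover or a router that holds several addresses can trigger them on a healthy network, so treat a hit as a reason to stop browsing over that hotspot rather than as proof.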

The JavaScript code, not surprisingly, comes from Coinhive and similar cryptocurrency mining services that have popped up in recent months. The Coinhive code, first detected in September when The Pirate Bay and then Showtime were found to be using it, hijacks the processor of a site visitor’s device to mine for Monero, a cryptocurrency favored by cybercriminals thanks to its high level of anonymity.

Although no one using the CoffeeMiner method has yet been officially detected, the idea of Wi-Fi networks being hijacked to mine for cryptocurrencies isn’t a new one. In December, a network in a Starbucks in Buenos Aires was found to be hijacking “connected computers to use their processing power to create digital cash,” according to the BBC. That same report noted that it’s not clear how the hijacking took place, but the attackers could, in theory at least, have used the same methodology.

Regardless of the how or why, some suggest there are other lessons to take away. “We don’t even touch public doorknobs without a paper towel or a squirt of Purell, why on earth would anyone freely connect to a public wifi network?” Scott Petry, co-founder and chief executive officer of Authentic8 Inc., told SiliconANGLE. “There’s no surprise in this story — it’s how the internet works. The surprise is that people are still exposing themselves to these exploits. Someday soon we’ll look back in shock on how careless we were on the internet.”

Photo: wfryer/Flickr
