As the hubbub around cryptocurrencies continues to grow, so, too do the ways that more nefarious folks can exploit clueless individuals. And one coder has shown how you could be at risk when browsing on a public Wi-Fi server.
Software developer Arnau flagged the issue recently (via ZDNet), citing a recent case in which someone was exploiting public Wi-Fi at a Buenos Ares Starbucks, and explored what’s called a “MITM (Man-In-The-Middle)” attack.
As ZDNet explains it, for the more technically-inclined among us:
The attack works through the spoofing of Address Resolution Protocol (ARP) messages by way of the dsniff library which intercepts all traffic on the public network.
Arnau was able to successfully recreate the exploit described in the Starbucks case, which was then, appropriately named CoffeeMiner thanks to those dark-roasted origins.
The lone weakness of the mining script is time. CoinHive, a miner mentioned by Arnau, needs the victim to be on a page for at least 40 seconds to make the effort worthwhile.
But your best bet in protecting yourself against such attacks, besides limiting your time on unsecured public networks, are a handful of security tools, such as the ones Motherboard pointed out in December of 2017.
Symantec had to “fine-tune” some of its security tools in September to block malicious cryptocurrency miners, [Candid Wueest, principal threat researcher for Symantec] said. There are free ways to protect yourself too: You can , and there’s even an open source script blocker on GitHub .
So update your tools and stay sharp out there — which you really should be doing anyway because of, well, everything — because as cryptocurrency values skyrocket, so will the number of folks looking to get rich off of the oblivious.