Home Crypto Currency Cryptocurrency miners exploit unsuspecting public WiFi users

Cryptocurrency miners exploit unsuspecting public WiFi users

167
0
SHARE


Beware of public WiFi and covert cryptocurrency miners
Beware of public WiFi and covert cryptocurrency miners

Image: ALEX HOFFORD/EPA-EFE/REX/Shutterstock

As the hubbub around cryptocurrencies continues to grow, so, too do the ways that more nefarious folks can exploit clueless individuals. And one coder has shown how you could be at risk when browsing on a public Wi-Fi server.

Software developer Arnau flagged the issue recently (via ZDNet), citing a recent case in which someone was exploiting public Wi-Fi at a Buenos Ares Starbucks, and explored what’s called a “MITM (Man-In-The-Middle)” attack.

In these attacks, the hacker can “inject a javascript” into the html of a page using a public Wi-Fi connection and, in turn, use the computers of other unsuspecting users on the same network to mine cryptocurrency for the hacker. 

As ZDNet explains it, for the more technically-inclined among us:

The attack works through the spoofing of Address Resolution Protocol (ARP) messages by way of the dsniff library which intercepts all traffic on the public network.

Mitmproxy is then used to inject JavaScript into pages the Wi-Fi users visit. To keep the process clean, the developer injected only one line of code which calls a cryptocurrency miner.

Arnau was able to successfully recreate the exploit described in the Starbucks case, which was then, appropriately named CoffeeMiner thanks to those dark-roasted origins.

The lone weakness of the mining script is time. CoinHive, a miner mentioned by Arnau, needs the victim to be on a page for at least 40 seconds to make the effort worthwhile.

But your best bet in protecting yourself against such attacks, besides limiting your time on unsecured public networks, are a handful of security tools, such as the ones Motherboard pointed out in December of 2017.

Symantec had to “fine-tune” some of its security tools in September to block malicious cryptocurrency miners, [Candid Wueest, principal threat researcher for Symantec] said. There are free ways to protect yourself too: You can , and there’s even an open source script blocker on GitHub .

So update your tools and stay sharp out there — which you really should be doing anyway because of, well, everything — because as cryptocurrency values skyrocket, so will the number of folks looking to get rich off of the oblivious.

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f83592%2f50e61165 7109 4146 add7 c30f0d53f134





Source link