Vulnerable IoT devices, from smartphones to security cameras and smart TVs can be hijacked and used mine cryptocurrencies, cybersecurity firm Avast demonstrated this week at the Mobile World Congress in Barcelona, Spain. The Czech-based firm showcased the problem by giving conference-goers a firsthand look at a “hacked” network, where inter-connected devices were collectively mining the cryptocurrency Monero in what’s called a botnet.
Mining is the process of verifying transactions on a cryptocurrency network by solving complex mathematical algorithms. Bitcoin and other cryptocurrencies are difficult to mine without having purpose-built, high-powered computers, but Monero is different. Monero mining can utilize the power of a network of internet-connected devices.
The company said that based on its tests if it were able to get 15,000 internet-connected devices onto its hacked network, it would be able to mine $1,000 of the cryptocurrency in four days. In theory, a real-world attack would be made possible if hackers did just this, taking over a network of devices and using their combined computing power to mine.
While $1,000 might not sound like a lot of profit, the potential is huge. In 2017 there were an estimated 8.4 billion of internet-connected devices, but by 2020 it’s estimated there will be over 20 billion, according to a forecast by research firm Gartner.
“This ubiquity of devices combined with the fact they are so easy to attack makes them an attractive target,” Ondrej Vlcek, the chief technology officer at Avast, told CNBC.
It is worth remembering that Avast does have a product to sell: Later this year it intends to release a smart home security package that protects against such hijackings.
IoT
The Internet of Things (IoT) is the interconnection (via the internet) of computing devices embedded in everyday objects, enabling them to send and receive data — think smart houses. The issue with the IoT is that to increase function, connectivity is being inserted into millions of everyday items, making it possible to cram new functionality into everything from speakers to thermostats — each one of which is effectively a computer of sorts. Gather enough of them into one botnet, and you can harness a large amount of computing power.
We’ve been hearing a lot about security and hacking in relation to crypto-mining as of late. North Korean government-backed hackers have been running campaigns aimed at hacking devices to mine Monero, and recently China has been having trouble with related Monero-mining bot the Jenkins Miner. The Jenkins Miner is an operation designed to mine Monero by actively spreading Monero mining malware across computers networks. The operators of this botnet have hijacked thousands of computers already.
