By Nick Flaherty www.flaherty.co.uk
Anti-virus developer Avast is tapping into visitor’s phones at Mobile World Congress in Barcelona this year to highlight the vulnerability of devices to mining cryptocurrencies. Nearly 60,00 devices in the city are potentially vulnerable.
It is also planning to launch its own hardware hub to protect smart home networks, and was using this as an example of how cryptojacking works.
Initial research by Avast shows that an army of more than 15,800 devices would be needed to mine $1,000 in Monero coins over the four days of the congress. Smartphones and IoT devices, like smart TVs or webcams or thermostats, often have very low computation power, which is bad for mining. For this reason, cybercriminals are looking to attack devices at a mass scale to maximize profit. Mining on IoT devices remains largely invisible to the consumer; unlike a PC, it’s not as noticeable when an IoT device heats up or loses performance.
“Until recently, cybercriminals were focused on spreading malware to turn PCs into crypto-mining machines, but now we are also seeing an uptick in attacks targeting IoT devices and smartphones,” said Gagan Singh, Senior Vice President and General Manager, Mobile, at Avast. “According to current data from Shodan.io, 58,031 smart devices in Barcelona are vulnerable. If each of these devices were recruited to a botnet to mine Monero at Mobile World Congress, cybercriminals could earn the approximate equivalent of $3,600, or €3,000. The costs involved in mining are so high that profit from cryptocurrency mining is very low, encouraging cybercriminals to not attack tens of thousands but millions of devices.”
Last year the first IoT botnet appeared, a new version of the Mirai botnet emerged to mine cryptocurrencies. Since then, the risk of cybercriminals taking control of IoT devices to profit from cryptocurrency mining has increased.
The demonstration of mining was to highlight its new tool called Smart Life to address IoT security threats that will also come with a smart hub device. This uses machine learning to identify and block threats and is delivered through a Software-as-a-Service (SaaS) model to service providers and customers.
“It has been five years now since the first well-publicized hack of a baby monitor in Texas. Since then, IoT devices have transformed our homes and workplaces, but the security of these connected devices has not been significantly improved and users are still at risk. We increasingly expect convenience and enjoyment from smart devices like smart speakers, smart doorbells or IP cameras, but with this rapid adoption comes a real urgency to address the complex challenge of protecting them,” said Gagan Singh, Senior Vice President and General Manager of Mobile at Avast.
“With over 400 million active users worldwide at Avast, we get unparalleled insights into how IoT devices work which feed our cloud-based machine learning engine to identify and quickly block anomalies, botnets and other threats to IoT devices. When developing the Smart Life platform to harness the power of this technology, our focus was on delivering a security service that is easy for people to use to secure all of their IoT devices and networks,” he said.
Many smart devices can be compromised, including thermostats, streaming boxes, webcams and digital personal assistants. One of the more common types of attack is when cybercriminals hack thousands of IoT devices in unsuspecting households to create botnets to perform attacks on others.
One of Avast’s initial offerings based on the Smart Life platform, Avast Smart Home Security, will provide protection and visibility into what is happening on their home network. Key features include the detection of privacy threats, botnets and malware as well as safe browsing and prevention of Distributed Denial of Service (DDoS) attacks.
For example if a smart heating thermostat is turned on at an unusual time and is transmitting data in high volume to an unknown location, then Avast can instantly take action to shut down the attack and alert the family to the activity. This will be available later this year through a mobile app along with a hub that connects to the home network.