The web-publication Malwarebytes defines cryptojacking (also called malicious crypto-mining) as “an emerging online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of online money known as cryptocurrencies.”
A hacked smart home device that’s being used for crypto-mining will still appear to work albeit slower than normal. How can you tell if you have a device on your network that’s been hacked? It’s difficult for the average homeowner… ever wonder why your router LED’s are so active in the middle of the night when you’d expect there to be nothing going on? It makes you wonder.
SCO magazine reported that “No one knows for certain how much cryptocurrency is mined through cryptojacking, but there’s no question that the practice is rampant”, and that cryptojacking kits are available on the dark web for as little as $30.
A hijacked smart device can make about two cents per day by participating in a mining pool. That doesn’t sound like much until you remember how many devices there are in the world and the potential to scale the practice. CNBC reported Hackers can make about $1000 every 4 days for every 15,000 smart home devices in their bot-net army – and these army’s can be big. Looking at the potential to scale, ARS Technica reported that a 21-year-old Washington man just pleaded guilty to creating botnets that enlisted hundreds of thousands of routers, cameras, and other Internet-facing devices; over 800,000 devices. With 15,000 hacked devices producing $1000 every 4 days, that rolls up to almost $5 million per year. Not bad for a 21-year-old. With 20 billion smart devices in the world this year, if you could enlist just 1 out of every 100 devices, you’d be making just over $1 billion per year.
Looks like a reasonable profit motive.
Do you care?
Smart home devices don’t make for very efficient crypto-mining machines, but what they lack in processing power they more than make up for in shear numbers. Cryptojacking is only a thing because it’s easy and free (to the hacker). The cost of the power and the internet connection greatly exceed the money generated – so you pay for the device and the utilities and the hacker gets the money. The compromised device will probably still function, but it will be slow and possibly warm to the touch. The busy little device(s) may also impact your available WiFi bandwidth, interfering with streaming video or gaming applications. So yes – you should probably care.
The risk of this happening and the utility of your smart device to hackers is greatly reduced if you can keep your devices disconnected from the internet when you’re not using them. The simplest thing to do is to put your WiFi router on hourly timer and have it shut off when you’re sleeping. Alternatively, Off Hours keeps your network off automatically at night and when you’re away from home which can be as much as 80% of the time during the work week. The system is cellular so you can turn it back on from wherever if you need access to a networked resource like your smart thermostat or smart garage door opener.
If you’d like to read more about crypto-mining, I found a nice overview here.
February 21, 2020