During RSA 2018, Avast, the leading global company the products of digital security, will perform an experiment that demonstrates the vulnerabilities in IoT and handheld devices through a live demonstration of mining of the cryptocurrency Monero. The experiment will highlight to those attending the RSA conference the pitfalls malicious crypto-mining poses when Internet of Things (IoT) devices are hacked for this use. Avast research found two in five people were not aware there are malware and infected websites mining cryptocurrencies. The study put forward by Avast in March 2018 with over 2,300 computer users in the US, also found that 25 percent of those polled did not understand what cryptocurrency actually is.
In the experiment at RSA, attendees will be invited to take part in a crypto-mining challenge using their own personal smartphones to mine Monero, in order to cultivate a greater understanding of the threats posed by malicious crypto-mining. The study also discovered that individuals held certain misconceptions about crypto-mining, saying that “47% believe there is nothing to fear from cryptomining [sic] malware, including 13% who believe that cryptominers cannot spy or steal data, and 19% who believe that not owning cryptocurrency or not being involved in mining themselves makes them immune to cryptomining processes.”
“With the growing IoT landscape, PC users are no longer the sole victims of cryptomining malware. Now, IoT devices and smartphones are just as easily hijacked and turned into cryptomining machines — and it doesn’t matter if you own cryptocurrency or not,” said Ondrej Vlcek, CTO, EVP and GM, Consumer, at Avast.
“This is the kind of malware that can run quietly in the background of any smart device. Our hope at Avast is to dispel myths and educate users on the very real risks cryptomining presents to personal data and device performance.”
As the cyber threat landscape multiplies alongside the growing ecosystem of IoT devices, cybercriminals behind crypto-mining malware maximize profit faster. The first IoT botnet, a variant of the Mirai botnet, appeared in 2017 providing cybercriminals the most profit when attacking devices on a mass scale. Initial research by Avast shows that 12,000 vulnerable IoT devices would be needed to mine $1,000 in Monero coins over the duration of RSA.
For users, identifying malware on IoT devices is very tricky. Mining on IoT devices remains hard to spot for the consumer, and can often result in very high energy bills, poor device performance, and a shortened lifespan of a device. In addition to crypto-mining, data privacy is a risk largely unaddressed in the IoT landscape. As such, in the future, it is likely, that many anti-virus providers will be looking to broaden their landscapes and offer greater security.