If you’ve ever hopped on a public Wi-Fi network, whether that’s at a local Starbucks or while killing time waiting for a flight at an airport, you’re at risk of all sorts of attacks. But thanks to the rocketing valuation of cryptocurrencies like bitcoin and monero, there’s one more worry to add to the list: Someone hijacking your computer to mine for cryptocurrency.
A Spanish developer working under the name Arnau released a proof-of-concept paper showing how one could hack a public Wi-Fi network to mine virtual currency. Arnau was inspired by a recent case in Buenos Aires, where a Starbucks public Wi-Fi access point took over users’ laptops for ten seconds to mine for bitcoin. While Starbucks moved quickly to resolve the problem (it’s still not clear if their internal Wi-Fi was hacked, or if the local ISP provider they were using was doing something shady), the idea was enough to intrigue Arnau. “I thought it might be interesting [to] perform the attack in a different way,” he writes in his paper.
The attack, which Arnau dubs “CoffeeMiner” in honor of the Starbucks incident, is at heart what’s known as a “man in the middle” attack. An attacker finds a public Wi-Fi hot spot where multiple devices are logging in. The basic idea of CoffeeMiner is outlined below:
In the normal flow of traffic, things would look like this:
But a man-in-the-middle attack then tricks all of the other devices logging into a Wi-Fi hot spot to route their traffic through the attacker’s computer instead of directly into the Wi-Fi router, so traffic instead looks like this:
Once traffic is being routed through the attacker’s computer, the attacker can inject a simple JavaScript that forces their laptops, smartphones, or tablets to access a website that then uses the program Coinhive to mine for bitcoin. This can be a tremendous drain on your computer’s resources — mining for cryptocurrency is both energy- and processor-intensive. If you were unlucky enough to be a victim, you’d likely see your phone or laptop slow to a crawl while also draining battery at an increased rate.
While Arnau’s attack only works on traffic being sent through unencrypted HTTP sites, not encrypted HTTPS sites (i.e., those sites with the little green lock symbols on them), there are work-arounds for this. A script known as “sslstrip,” first presented at a DEF CON conference in 2009, could easily force sites to shift to HTTP.
The best way to protect against CoffeeMiner? The same thing you should be doing anytime you use a public Wi-Fi access point: Use a VPN. While there’s no such thing as complete security, using a paid VPN like NordVPN, PureVPN, or Private Internet Access will create a secure tunnel between you and the coffee-shop router, encrypting all of your traffic (even traffic routed through normally unencrypted HTTP sites). If anyone is going to waste your computer’s time and resources, it should be you.
