RSA 2018: Avast demonstrates cryptomining vulnerabilities with IoT experiment to raise awareness of risks to smart devices
At RSA 2018, Avast, the global leader in digital security products, will be performing an experiment that reveals vulnerabilities in IoT and mobile devices through a live demonstration of mining of the cryptocurrency Monero. The experiment will highlight to RSA attendees the risks malicious cryptomining poses when Internet of Things (IoT) devices are hijacked for this purpose. Avast research found two in five people were not aware there are malwareand infected websites mining cryptocurrencies. The study, conducted by Avast in March 2018 with over 2,300 computer users in the U.S, also found that 25 percent of those polled did not know what cryptocurrency is.
The experiment at RSA will invite all attendees to take part in a cryptomining challenge using their own personal smartphones to mine Monero, in order to encourage a deeper understanding of the threats posed by malicious cryptomining. The study found that people also held some misconceptions about cryptomining; nearly half of users, 47 percent, say they aren’t afraid of cryptomining malware because they believe that cryptominers can’t spy or steal data (13%), and that not owning cryptocurrency or not being involved in mining themselves makes users immune to cryptomining processes (19%).
“With the growing IoT landscape, PC users are no longer the sole victims of cryptomining malware. Now, IoT devices and smartphones are just as easily hijacked and turned into cryptomining machines — and it doesn’t matter if you own cryptocurrency or not,” said Ondrej Vlcek, CTO, EVP and GM, Consumer, at Avast. “This is the kind of malware that can run quietly in the background of any smart device. Our hope at Avast is to dispel myths and educate users on the very real risks cryptomining presents to personal data and device performance.”
As the cyber threat landscape multiplies alongside the growing ecosystem of IoT devices, cybercriminals behind cryptomining malware maximize profit faster. The first IoT botnet, a variant of the Mirai botnet, appeared in 2017 providing cybercriminals the most profit when attacking devices at a mass scale. Initial research by Avast shows that 12,000 vulnerable IoT devices would be needed to mine $1,000 in Monero coins over the duration of RSA.
For users, identifying malware on IoT devices is difficult. Mining on IoT devices remains largely invisible to the consumer, and can often result in high energy bills, poor device performance, and a shortened device lifespan. In addition to cryptomining, data privacy is a risk largely unaddressed in the IoT landscape. Later this year, Avast will be providing consumers with a new protection and privacy offering, Avast Smart Home Security, which defends against IoT security threats to keep people’s homes secure and their private lives private.
At the Avast booth S. #429, visitors will have the opportunity to participate and witness cryptomining in real-time. The cryptomining challenge will demonstrate the risk of cryptomining malware on a user’s mobile device. Attendees that participate in the mining challenge with their own phone will receive a power bank and entered into a drawing. At random, a winner will be chosen to take home a Samsung Galaxy S9 with the Avast Mobile Security app installed, protecting users from threats including cryptomining malware.
RSA attendees can visit the Avast booth at South Expo #429 to view and participate in the demonstration.