Skip to Content

How Criminals Can Mine Cryptocurrency With Your Poorly-Secured Smart Devices

Hackers who quietly commandeer thousands of poorly-secured connected devices—such as “smart” TVs and thermostats—can get rich by using them to mine cryptocurrency. Well, rich-ish.

At this year’s Mobile World Congress in Barcelona, the Czech security firm Avast demonstrated the problem by showing conference-goers a “hacked” network, where the devices were collectively churning out the monero cryptocurrency that’s gaining traction with criminals and even an adventurous media outlet.

There are a couple things worth noting here. First off, Avast has a product to sell. Later this year it intends to release a smart home security package that protects against such hijackings.

Secondly, we’re not talking about your internet-connected refrigerator earning some crook a huge amount of money on its own—according to Avast, it would take 15,000 hacked devices to mine $1,000 worth of the cryptocurrency over four days.

But that’s not much of a deterrent. The whole issue with the so-called “internet of things” is that connectivity is being inserted into billions of everyday items, making it possible to cram new functionality into everything from speakers to toothbrushes—each one of which is effectively a computer of sorts.

Gather enough of them into one so-called botnet, and you’ve got a sizeable amount of firepower that can attack major websites, or sit there making some crypto-cash in a surreptitious mining operation. And unfortunately, you don’t need to be an evil genius to use these botnets—they’re available to rent.

Internet-of-things devices frequently have dismal security (which, apart from making them vulnerable to being dragooned into botnets, also makes them a gift to spies). Sometimes this is a result of manufacturers that don’t issue updates after selling them; sometimes it’s down to users not changing the default password; sometimes it’s because the manufacturers hard-code the same password into each device they sell.

That state of affairs exists, so it’s no surprise that criminals can make money off other people’s devices and energy, without them even knowing it.